mdn · hamishwillee · Dec 17, 2024 · Oct 19, 2024 · Oct 20, 2024 · Oct 20, 2024
@@ -0,0 +1,12 @@
+---
+title: Attacks
+slug: Web/Security/Attacks
+page-type: guide
+---
+
+In web security, an attack is a specific method an attacker uses to achieve their goal. For example, if their goal is to steal a user's data, a cross-site scripting (XSS) attack is one method they might use. A given attack may be countered by one or more mitigations: for example, XSS might be countered by properly sanitizing data and implementing a [content security policy](/en-US/docs/Web/HTTP/CSP).
+
+This page links to pages explaining how some common attacks work, and how they can be mitigated.
+
+- [Cross-site scripting (XSS)](/en-US/docs/Web/Security/Attacks/XSS)
+  - : In a cross-site scripting (XSS) attack, a website accepts some input crafted by the attacker and mistakenly includes this input in the site's own pages in a way that makes the browser execute it as code. The malicious code can then do anything that the site's own front-end code could do.
diff --git a/files/en-us/web/security/attacks/xss/client-side-xss.svg b/files/en-us/web/security/attacks/xss/client-side-xss.svg
diff --git a/files/en-us/web/security/attacks/xss/django-output.png b/files/en-us/web/security/attacks/xss/django-output.png
diff --git a/files/en-us/web/security/attacks/xss/server-side-xss.svg b/files/en-us/web/security/attacks/xss/server-side-xss.svg