Cross-site scripting (XSS) is one of the oldest web vulnerability types and still a very real threat.

In this episode, Frank Catucci and Dan Murphy talk about the origins of cross-site scripting, some high-profile attacks, and best practices to test for and also prevent XSS in applications. In the fiction segment, Mallory the hacker uses XSS to inject script into an old and vulnerable leaderboard server—but she has to work hard to get around the WAF first.