1
00:00:01,180 --> 00:00:08,580
Law number four: if you allow a bad guy to run active content on your website, it's not your website anymore.

2
00:00:10,570 --> 00:00:13,180
At present this rule seems a bit archaic.

3
00:00:13,510 --> 00:00:18,460
Twelve years ago a website defacement was a large-scale problem discussed by the press and mentioned

4
00:00:18,460 --> 00:00:20,840
on TV.

5
00:00:21,030 --> 00:00:26,200
You can see one example of website defacement in the slide.

6
00:00:26,270 --> 00:00:30,750
This proves that the rule was at some point valid.

7
00:00:30,870 --> 00:00:34,600
Nowadays there's nothing special in placing your own content on a website.

8
00:00:36,780 --> 00:00:39,130
We're living in the second era of the Internet.

9
00:00:40,650 --> 00:00:47,500
Most websites are interactive. Administrators and developers learned that you can limit attempts to gain

10
00:00:47,500 --> 00:00:54,330
control over web servers by allowing user content on the website.

11
00:00:54,350 --> 00:00:59,950
Right now you don't need control over the web server to modify the site's content, as was the case in the past.

12
00:01:01,550 --> 00:01:06,720
The risk still comes from users visiting a given site.

13
00:01:06,740 --> 00:01:13,770
This is the basis of one of the most frequent attacks ever: cross-site scripting.

14
00:01:13,870 --> 00:01:19,580
It consists of injecting client-side scripts into trusted websites or in changing links to these sites.

15
00:01:21,550 --> 00:01:28,540
The attack is conducted through the site itself or through a link to the site. Despite the mentioned reservations,

16
00:01:28,540 --> 00:01:37,630
the fourth law is still valid. If someone can, without restriction, modify the content of a website, he

17
00:01:37,630 --> 00:01:44,080
or she creates a threat for the web server and for the users of the website.

18
00:01:44,180 --> 00:01:47,500
It's not the same, however, as gaining control over the web server.