Training
Cross-Site Scripting (XSS)

Training Overview
The "Cross-Site Scripting (XSS)" training provides a comprehensive understanding of XSS attacks, which are common in web applications and pose significant security risks, and of how to protect against them. The training begins by explaining what XSS is and why it is dangerous, and then focuses on the different types of XSS, such as Reflected, Stored, DOM, and Blind XSS.
What You Will Learn
- The different types of XSS attacks (Reflected, Stored, DOM, and Blind).
- How to perform session hijacking by stealing cookies.
- How to create effective XSS payloads to bypass filters.
- The fundamentals of preventing XSS vulnerabilities in web applications.
Who is this for?
- Web Developers aiming to write secure code.
- Penetration Testers specializing in web applications.
- Bug Bounty Hunters searching for web vulnerabilities.
- Application Security Engineers.
Prerequisites
- A basic understanding of HTML and JavaScript.
- Familiarity with how web browsers and servers communicate (HTTP).
- Prior experience with a web proxy like Burp Suite is helpful but not required.
Tools You Will Use
- Burp Suite
- OWASP ZAP
- Browser Developer Tools
- Various XSS payload lists
Training Sections
- Introduction
- Reflected XSS
- Stored XSS
- DOM-based XSS
- Blind XSS
- Common XSS Payload List
- Session Hijacking Attack
- XSS Vulnerability Scanning Tools
- Exam