
Cross-Site Scripting (XSS): The 2021 Guide

Lesson 1 of 41

About the course

Christophe November 20, 2020

Hi, I’m Christophe Limpalair, and I will be your instructor for this course. I want to take the time to thank you for enrolling and to share more details about how the course is structured, and what you will learn.

Cross-Site Scripting is one of the most serious web application security risks that we face today, and have been facing for years. But unless you understand how it works, it’s impossible to properly defend your applications.

So, the goal of this course is to give you a deep understanding of XSS, including explaining the different types of XSS:

We’ll also take a look at case studies of real-world XSS in popular applications, and we’ll learn how to find vulnerabilities in web apps, with tips on information gathering, manual testing, and automated testing using tools made specifically for finding XSS.

Then, we’ll take a look at how to exploit those vulnerabilities, including exploitation tools like BeEF in order to take control of a victim’s browser.

Finally, we’ll wrap up the course by learning how to properly defend against and prevent Cross-Site Scripting in our own applications.

In my opinion, there’s no better way to learn a technical topic than to get our hands dirty and perform attacks that could happen against our own applications.

So, I’ll show you exactly how to set up the same environments and tools that I’ll be using, so you can follow along attack by attack in a safe and legal way, because I want you to get the practical experience, and to practice the concepts that you’re learning. That way, this course can become a resource that you can constantly reference throughout your development career.

We also provide a Cybr community, which you can access at Cybr.com/forums as long as you have an account, or which you can join via Discord at Cybr.com/discord. This is a great place to ask questions, provide feedback, and engage with the rest of our cybersecurity community. We even have dedicated channels for this course specifically, so it gives you a chance to connect with other students. You can also reach me there if you have any questions or just want to say hello.

Another great way to reach me is by connecting on LinkedIn. I definitely spend way too much time there, so feel free to send me an invite and I’ll be happy to connect!

How to use Cybr’s Video Player

The video player on Cybr includes a number of features that you might find useful as you progress through the course. In this brief section, I’ll highlight some of those features so that you know how to use them!

Enable High-Definition

Sometimes, the player will decide not to enable HD, which will make the video look fuzzy and pixelated. You can check whether it is enabled or disabled by hovering over the video player. In the bottom right corner, you will see “HD.” If HD is white, then it is enabled. If it’s grey, that means it’s disabled. Simply click it to enable/disable.

Speed me up or slow me down

Directly to the left of the HD control, you will see a “1x” which represents the playback speed. If you find that I’m speaking too slowly or too quickly, you can click on that “1x” and select from: 0.5x, 1x, 1.5x, or 2x.

Full screen mode

Directly to the right of the HD control, you will see a square shape. If you click this, it will make the video player full screen. You can press Escape on your keyboard to escape full screen.

Adjust volume

If you’d like to increase the volume, hover over the bars situated between the “play” symbol and the timestamps. This is in the bottom left corner of the player. Once you hover, you’ll be able to increase or decrease the volume.

Enable picture-in-picture mode

Picture-in-picture mode is very practical because it allows you to move and resize the video player however you’d like, outside of your browser window. This means you can increase/decrease the size of the player to better see what’s being displayed, and you can scroll through the written lesson notes while still watching the video! Try it out!

This should work with most modern browsers, but if you don’t see the option, try a different browser.

Step 1: click the picture-in-picture icon in the video player. Your icon may look a bit different depending on your browser.

Step 2: resize and move the player wherever you’d like, and scroll through the notes as you watch the lesson!

That’s it! Once you’re ready, complete this lesson, and I’ll see you in the next!

Responses

  1. If you have any questions about the course content, you can ask in this “Responses” section that is at the bottom of every lesson! Feel free to also provide additional thoughts, ideas, resources, etc. that are relevant to the lesson! Of course, you can also ask in our Forums (https://cybr.com/forums) or Discord (https://cybr.com/discord). Enjoy!