Duration: 5h00
Difficulty: Beginner to Intermediate
Topics Covered:
- Learn what Cross-Site Scripting (XSS) is and how it works
- Learn the 3 main types of XSS attacks
- Study recent real-world case studies of XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok
- Learn hands-on by performing attacks against lab environments
- Learn to use OWASP ZAP as your proxy (Burp can also be used instead)
- Learn about filter and defense evasion by looking at various case studies and crafting payloads
- Learn how to use the powerful browser exploitation framework called BeEF to hook browsers and launch commands remotely
- Learn defense controls and rules to defend against the 3 main types of XSS
Recommended pre-requisites:
- Experience working with web applications
- Experience working with JavaScript
- Course Ebook (purchased with bundle or separately)
Course Content
Getting Started
What is Cross-Site Scripting (XSS)?
Creating our lab environment
Reflected XSS
Stored (Persistent) XSS
DOM-based XSS
postMessage XSS
Blind XSS
Using BeEF
Attacking a web application (OWASP Juice Shop)
Defending against XSS
Conclusion and additional resources
About Instructor