XSSing JS-MVC Applications – XJA


The main objective of is to bring students up to speed with various security aspects of interfaces developed using JavaScript Model-View-Controller ideology. This course is in no way related to finding bypasses in the core frameworks, but more related to finding vulnerabilities in the applications developed by improper usage of these otherwise perfect frameworks. This is a deep dive course where the students will be building userscripts to dynamically hook into different templating engines to fuzz for Cross Site Scripting vulnerabilities.

Modules