Cross Site Scripting (XSS) Attacks for Pentesters – XFP

$14.99

Cross Site Scripting or XSS is still one of the most common injection vulnerability that exist in modern as well as legacy Web Applications. This course will teach XSS in-depth and even talk about the lesser known derivatives of XSS called Mutation XSS (mXSS) and Relative Path Overwrite XSS (RPO XSS). If you are interested in learning about the different types of XSS, different context in XSS, and about real world red team XSS Exploitation, then this course is for you and it does not take hours. Invest just 2 hours and master XSS in-depth.

Description

Cross Site Scripting or XSS is still one of the most common injection vulnerability that exist in modern as well as legacy Web Applications. This course will teach XSS in-depth and even talk about the lesser known derivatives of XSS called Mutation XSS (mXSS) and Relative Path Overwrite XSS (RPO XSS). If you are interested in learning about the different types of XSS, different context in XSS, and about real world red team XSS Exploitation, then this course is for you and it does not take hours. Invest just 2 hours and master XSS in-depth.

This course is completely hands-on and every concept is explained with a demo or exercise. This allow students to try out all the things that they have learned. This course explains XSS, its types, context and also discuss about exploiting XSS vulnerabilities in real world where you can perform offensive attacks ranging from Keylogging, Cookie Stealing, Phishing, Victim/Browser/Network Fingerprinting to much advanced attacks like reverse TCP shell, Driveby Attacks etc with OWASP Xenotix XSS Exploit Framework.

OWASP Xenotix XSS Exploit Framework is an Advanced Cross Site Scripting Vulnerability Detection and Exploitation Framework written by the author of this course. Finally we will also discuss about XSS Protection where we discuss about Input Validation, Context Sensitive output escaping and the various security headers that help us to mitigate XSS. Also as a take away you will get “The Ultimate XSS Protection Cheat sheet” from OpenSecurity.

What are the requirements?

  • Knowing a little about HTML and JavaScript is good but not mandatory.
  • Knowledge about How a typical Web Application Works

What am I going to get from this course?

  • Over 16 lectures and 1.5 hours of content!
  • Learn about the most widely find Injection Attack, Cross Site Scripting (XSS).
  • Explore in-depth about XSS and it’s less known derivatives like mXSS and RPO XSS
  • Learn how to detect XSS in a Web Application
  • Learn about real world red team XSS Exploitation.
  • Learn how to break different contexts and execute code.

What is the target audience?

  • Pentesters
  • Web Application Security Engineers
  • Web Application Developers
  • Security Engineers
  • Students
  • Anyone with Interest in Web Security

OpSecX Course Certificate

Upon successful completion of the course, you will be given a Certificate of Appreciation and the certificate can be verified from OpSecX online.

Curriculum

Section 1: Introduction

1. Introduction to Cross Site Scripting (XSS) Attacks for Pentesters
2.What, Why and Types of XSS

Section 2: Types of XSS

3. Types of XSS
4. Reflected XSS or Non-Persistent XSS
5. Stored XSS or Persistent XSS
6. DOM XSS
7. mXSS or Mutation XSS
8. RPO or Relative Path Overwrite XSS

Section 3: Sources of XSS

9. What are the Source of XSS?

Section 4: Different Contexts in XSS

10. HTML Context
11. Attribute Context
12. URL Context
13. Style Context
14. Script Context

Section 5: XSS Attacks in Real World

15. Exploiting XSS with OWASP Xenotix XSS Exploit Framework

Section 6: XSS Protection

16. XSS Protection
17. XSS Protection Cheatsheet

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.