Course Overview
In this course, we dive into the technical details behind Cross-Site Scripting (XSS) vulnerabilities. We explore methods for finding these vulnerabilities along with various techniques for exploiting them. We also provide insights into preventive and mitigative measures to safeguard against these types of vulnerabilities.
This is not your average course that just teaches you the basics. It's the perfect mix of theory and practice! This course contains over 4 hours' worth of content that not only describes the technical details behind XSS vulnerabilities, but also includes 24 labs that give you hands-on experience exploiting real-world examples.
Requirements:
- Basic knowledge of computers (i.e. how to use the internet).
- Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).
- Latest version of Kali Linux VM (free download).
- PortSwigger Web Security Academy account to access the labs (free registration).
- Basic knowledge of Python scripting.
COURSE CURRICULUM - 4 HOURS
- Lab #1 Reflected XSS into HTML context with nothing encoded (3:47)
- Lab #2 Stored XSS into HTML context with nothing encoded (5:06)
- Lab #3 DOM XSS in document.write sink using source location.search (7:46)
- Lab #4 DOM XSS in innerHTML sink using source location.search (6:03)
- Lab #5 DOM XSS in jQuery anchor href attribute sink using location.search source (7:09)
- Lab #6 DOM XSS in jQuery selector sink using a hashchange event (10:14)
- Lab #7 Reflected XSS into attribute with angle brackets HTML-encoded (5:05)
- Lab #8 Stored XSS into anchor href attribute with double quotes HTML-encoded (5:50)
- Lab #9 Reflected XSS into a JavaScript string with angle brackets HTML encoded (5:54)
- Lab #10 DOM XSS in document.write sink using source location.search inside a select element (8:18)
- Lab #11 DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded (4:30)
- Lab #12 Reflected DOM XSS (7:46)
- Lab #13 Stored DOM XSS (8:08)
- Lab #14 Exploiting cross-site scripting to steal cookies (9:21)
- Lab #15 Exploiting cross-site scripting to capture passwords (10:01)
- Lab #16 Exploiting XSS to perform CSRF (12:08)
- Lab #17 Reflected XSS into HTML context with most tags and attributes blocked (10:57)
- Lab #18 Reflected XSS into HTML context with all tags blocked except custom ones (10:23)
- Lab #19 Reflected XSS with some SVG markup allowed (6:34)
- Lab #20 Reflected XSS in canonical link tag (7:26)
- Lab #21 Reflected XSS into a JavaScript string with single quote and backslash escaped (4:32)
- Lab #22 Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped (5:36)
- Lab #23 Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped (7:40)
- Lab #24 Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped (3:19)
This course is included in the All-Access Membership plan starting at $29.99/month
Gain full access to this course as well as our entire course catalog by enrolling in the All-Access Membership plan.
ABOUT THE AUTHOR
Rana Khalil is an accomplished Application Security Engineer currently steering the digital safety ship in Canada's dynamic public and private sectors. With her cutting-edge expertise, she's not only securing applications, but also shaping the future of cybersecurity across the nation.
She holds a Bachelor's and Master's degree in Computer Science and is OSCP certified. She has spoken about her research at various local and international conferences, and received several awards and honorable mentions for her contributions to the cybersecurity community.
Follow Rana on Social Media:
LinkedIn: https://www.linkedin.com/in/ranakhalil1/
Youtube: https://www.youtube.com/channel/UCKaK-XPQAbznwIISC...
Frequently Asked Questions (FAQ)
What is the refund policy?
All students are entitled to a 3-day refund from the date of purchase of the All-Access Membership. Please follow the instructions outlined in this link to submit a refund request.
Will I receive a certificate of completion after I finish the course?
Yes, we currently provide a certificate of completion. However, the course is designed to help students prepare for PortSwigger's Burp Suite Certified Practitioner certification. Therefore, students are encouraged to enroll in the certification if they feel they are ready.
Does the course include subtitles?
Yes, all of the lessons in this course feature auto-generated English, Arabic, Spanish, Portuguese, Hindi & French subtitles. We are currently in the process of having these subtitles reviewed by human experts to ensure their accuracy.
Is the course eligible for Continuing Professional Education (CPE) credits?
Yes, each certificate of completion specifies the total CPE credits earned.