Cross-Site Scripting (XSS): The Practical Guide

Learn hands-on how to perform and defend against one of the most devastating web attacks: XSS

Created by Christophe Limpalair, Cybr Training | 4 hours on-demand video course

Welcome to this course on Cross-Site Scripting (XSS)! In this course, we explore one of the biggest risks facing web applications today. I’ve spent months creating and collecting the best resources on XSS to put them in this course so that you can learn XSS in a fun, efficient, and practical manner.

We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored, and DOM-based. Then, we break down recent real-world case studies of XSS vulnerabilities from Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we create safe and legal lab environments to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver payloads that hook unsuspecting browsers and let you send commands to those browsers remotely.

What you’ll learn

• See, in action, the dangers of XSS
• Learn what XSS is and how it works
• Learn the 3 main types of XSS: Reflected, Stored, and DOM-based
• Perform XSS attacks by hand and with automated tools
• Attack applications legally & safely to practice what you’re learning
• Compare vulnerable and safe code side-by-side to learn best practices
• Learn effective defense controls to protect your applications
• Learn from recent real-world case studies of XSS vulnerabilities at Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok

Recommended Course

Complete Ethical Hacking Bootcamp 2023: Zero to Mastery

Learn Bug Bounty Hunting & Web Security Testing From Scratch

Redeem Offer

Click to open site

Udemy

success 100%