Cross Site Scripting (XSS) Attacks for Pentesters

Cross Site Scripting (XSS) Attacks for Pentesters
English | Size: 162.71 MB
Category: CBTs

Cross Site Scripting or XSS is still one of the most common injection vulnerability that exist in modern as well as legacy Web Applications. This course will teach XSS in-depth and even talk about the lesser known derivatives of XSS called Mutation XSS (mXSS) and Relative Path Overwrite XSS (RPO XSS). If you are interested in learning about the different types of XSS, different context in XSS, and about real world red team XSS Exploitation, then this course is for you and it does not take hours. Invest just 2 hours and master XSS in-depth.

This course is completely hands-on and every concept is explained with a demo or exercise. This allow students to try out all the things that they have learned. This course explains XSS, its types, context and also discuss about exploiting XSS vulnerabilities in real world where you can perform offensive attacks ranging from Keylogging, Cookie Stealing, Phishing, Victim/Browser/Network Fingerprinting to much advanced attacks like reverse TCP shell, Driveby Attacks etc with OWASP Xenotix XSS Exploit Framework.

OWASP Xenotix XSS Exploit Framework is an Advanced Cross Site Scripting Vulnerability Detection and Exploitation Framework written by the author of this course. Finally we will also discuss about XSS Protection where we discuss about Input Validation, Context Sensitive output escaping and the various security headers that help us to mitigate XSS. Also as a take away you will get "The Ultimate XSS Protection Cheat sheet" from OpenSecurity.

The course will cover the following things.

What is XSS?
Why XSS?
Types of XSS
Reflected XSS or Non-Persistent XSS
Stored XSS or Persistent XSS
mXSS or Mutation XSS
RPO or Relative Path Overwrite XSS
What are the Source of XSS?
Different Contexts in XSS
HTML Context
Attribute Context
URL Context
Style Context
Script Context
Attacks in Real World
Exploiting XSS with OWASP Xenotix XSS Exploit Framework
XSS Protection
Who is the target audience?
Web Application Security Engineers
Web Application Developers
Security Engineers
Anyone with Interest in Web Security

About WoW Team

I'm WoW Team , I love to share all the video tutorials. If you have a video tutorial, please send me, I'll post on my website. Because knowledge is not limited to, irrespective of qualifications, people join hands to help me.