Cross Site Scripting (XSS) Attacks for Pentesters
3.5 (20 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
156 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Cross Site Scripting (XSS) Attacks for Pentesters to your Wishlist.

Add to Wishlist

Cross Site Scripting (XSS) Attacks for Pentesters

Learn about the most common web application code injection vulnerability called Cross Site Scripting or XSS in-depth.
3.5 (20 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
156 students enrolled
Created by Ajin Abraham
Last updated 1/2015
English
Current price: $10 Original price: $60 Discount: 83% off
5 hours left at this price!
30-Day Money-Back Guarantee
Includes:
  • 1 hour on-demand video
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Learn about the most widely find Injection Attack, Cross Site Scripting (XSS).
  • Explore in-depth about XSS and it's less known derivatives like mXSS and RPO XSS
  • Learn how to detect XSS in a Web Application
  • Learn about real world red team XSS Exploitation.
  • Learn how to break different contexts and execute code.
View Curriculum
Requirements
  • Knowing a little about HTML and JavaScript is good but not mandatory.
  • Knowledge about How a typical Web Application Works
Description

Cross Site Scripting or XSS is still one of the most common injection vulnerability that exist in modern as well as legacy Web Applications. This course will teach XSS in-depth and even talk about the lesser known derivatives of XSS called Mutation XSS (mXSS) and Relative Path Overwrite XSS (RPO XSS). If you are interested in learning about the different types of XSS, different context in XSS, and about real world red team XSS Exploitation, then this course is for you and it does not take hours. Invest just 2 hours and master XSS in-depth.

This course is completely hands-on and every concept is explained with a demo or exercise. This allow students to try out all the things that they have learned. This course explains XSS, its types, context and also discuss about exploiting XSS vulnerabilities in real world where you can perform offensive attacks ranging from Keylogging, Cookie Stealing, Phishing, Victim/Browser/Network Fingerprinting to much advanced attacks like reverse TCP shell, Driveby Attacks etc with OWASP Xenotix XSS Exploit Framework.

OWASP Xenotix XSS Exploit Framework is an Advanced Cross Site Scripting Vulnerability Detection and Exploitation Framework written by the author of this course. Finally we will also discuss about XSS Protection where we discuss about Input Validation, Context Sensitive output escaping and the various security headers that help us to mitigate XSS. Also as a take away you will get "The Ultimate XSS Protection Cheat sheet" from OpenSecurity.

The course will cover the following things.

  • What is XSS?
  • Why XSS?
  • Types of XSS
    • Reflected XSS or Non-Persistent XSS
    • Stored XSS or Persistent XSS
    • DOM XSS
      • mXSS or Mutation XSS
    • RPO or Relative Path Overwrite XSS
  • What are the Source of XSS?
  • Different Contexts in XSS
    • HTML Context
    • Attribute Context
    • URL Context
    • Style Context
    • Script Context
  • Attacks in Real World
  • Exploiting XSS with OWASP Xenotix XSS Exploit Framework
  • XSS Protection
Who is the target audience?
  • Pentesters
  • Web Application Security Engineers
  • Web Application Developers
  • Security Engineers
  • Students
  • Anyone with Interest in Web Security
Students Who Viewed This Course Also Viewed
Curriculum For This Course
16 Lectures
01:23:11
+
Introduction
2 Lectures 04:42
+
Types of XSS
5 Lectures 20:45

Stored XSS or Persistent XSS
02:49

DOM XSS
04:16

mXSS or Mutation XSS
05:25

RPO or Relative Path Overwrite XSS
05:04
+
Source of XSS
1 Lecture 03:15
What are the different Sources of XSS?
03:15
+
Different Contexts in XSS
5 Lectures 17:22
HTML Context
01:42

Attribute Context
05:26

URL Context
03:31

Style Context
03:30

Script Context
03:13
+
XSS Attacks in Realworld
1 Lecture 08:32
Exploiting XSS with OWASP Xenotix XSS Exploit Framework
08:32
+
XSS Protection
2 Lectures 04:35

XSS Protection Cheatsheet
24 pages
About the Instructor
Ajin Abraham
3.6 Average rating
103 Reviews
1,098 Students
4 Courses
Security Researcher

Ajin Abraham is an Application Security Engineer by profession having 5+ years of experience in Application Security including 2 years of Security Research. He is passionate on developing new and unique security tools than depending on pre existing tools that never work. Some of his contributions to Hacker's arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Xenotix xBOT, MalBoxie, Firefox Add-on Exploit Suite, Static DOM XSS Scanner, NodeJsScan etc to name a few.

He has been invited to speak at multiple security conferences including ClubHack, NULLCON, OWASP AppSec AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In the Box and c0c0n.