Cross Site Scripting: Defense & Attack 

Cross-site Scripting (XSS) is a client-side code injection attack. In this attack, the attacker aims to execute malicious scripts in the victim's browser by including malicious code in a legitimate website or web application. The actual attack occurs when the victim visits the page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user's browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and websites that allow comments.


Learn & Master Cross Site Scripting Attacks/Defense Practically  

Skills gained

    • Cross Site Scripting Fundamentals
    • Setup Lab Environment and test for XSS Vulnerability
    • Difference between Black Listing and White Listing Approach
    • Use Automated Scanners like Wapiti, Uniscan, OWASP ZAP, and Burp Suite Pro to find and exploit XSS and to generate a detailed report
    • How different types of Cross Site Scripting work
    • Use Filter Evasion Cheat Sheets to bypass WAFs and Firewalls, and Prevention Cheat Sheets to implement secure coding practices, and learn proper handling of untrusted data
    • Prevent or Restrict XSS using different Defensive Solutions - Escaping User Input, Content Security Policy, Using Appropriate Sources and Sinks, etc

What will I need?

    • Good Knowledge of HTML and JavaScript (Basic HTML tags, JavaScript Functions)
    • Basic Knowledge of HTTP Client-Server Architecture (how a client sends a request and a server sends a response back to the client)
    • Basic Knowledge of Linux Commands and tools (Moving a file, copying a file, Starting Services etc.)
    • Optional Knowledge of Server Side Programming Language like PHP
    • OWASP top 10 (Not Mandatory)
    • Understanding of Virtualization Software like VMware/VirtualBox (Not Mandatory)

Is this course right for me?

  • CyberSecurity Enthusiasts
  • Bug Hunters
  • Web Application Penetration Testers
  • Web Developers
  • Security Researchers

What am I going to learn?

  • Introduction
  • Installing and Configuring DVWA
  • Introduction to Cross Site Scripting
  • Stored XSS
  • Reflected XSS
  • DOM Based XSS
  • Cookie Stealing with XSS
  • Phishing Attack
  • Wapiti Vulnerability Scanner
  • Uniscan Vulnerability Scanner
  • Finding XSS with OWASP ZAP - Part 1
  • Finding XSS with OWASP ZAP - Part 2
  • Finding XSS with Burp Suite Pro
  • Escaping User Input
  • Content Security Policy - Part 1
  • Content Security Policy - Part 2
  • Preventing DOM Based XSS
  • Cheat Sheets
  • Libraries and Modules

Take this course and learn a new skill today



