Cross-Site Scripting (XSS): The Practical Guide Course
Learn hands-on how to perform and defend against one of the most devastating web attacks: XSS
Welcome to this course on Cross-Site Scripting (XSS)! In this course, we explore one of the biggest risks facing web applications today. I’ve spent months creating and collecting the best resources on XSS to put them in this course so that you can learn XSS in a fun, efficient, and practical manner.
We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored, and DOM-based. Then, we break down recent real-world case studies of XSS vulnerabilities from Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we create safe and legal lab environments to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver payloads that hook unsuspecting browsers and let you send commands to those browsers remotely.
From there, you can launch a number of different attacks from BeEF with command modules (ie: scan internal networks, deface websites, compromise routers, etc…).
What you’ll learn
- See, in action, the dangers of XSS
- Learn what XSS is and how it works
- Learn the 3 main types of XSS: Reflected, Stored, and DOM-based
- Perform XSS attacks by hand and with automated tools
- Attack applications legally & safely to practice what you’re learning
- Compare vulnerable and safe code side-by-side to learn best practices
- Learn effective defense controls to protect your applications
- Learn from recent real-world case studies of XSS vulnerabilities at Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok
Recommended Ethical Hacking Course