Cross-Site Scripting (XSS)- The Practical Guide
- IT & Software
- Jan 03, 2025
Cross-Site Scripting (XSS): The Practical Guide, available at $74.99, has an average rating of 4.4, with 37 lectures, based on 481 reviews, and has 3471 subscribers.
You will learn about See, in action, the dangers of XSS Learn what XSS is and how it works Learn the 3 main types of XSS: Reflected, Stored, and DOM-based Perform XSS attacks by hand and with automated tools Attack applications legally & safely to practice what youre learning Compare vulnerable and safe code side-by-side to learn best practices Learn effective defense controls to protect your applications Learn from recent real-world case studies of XSS vulnerabilities at Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok This course is ideal for individuals who are Web Developers or Pentesters or Software Developers or Application Security Engineers or IT Managers or Risk Analysts or Security Analysts or IT Students It is particularly useful for Web Developers or Pentesters or Software Developers or Application Security Engineers or IT Managers or Risk Analysts or Security Analysts or IT Students.
Enroll now: Cross-Site Scripting (XSS): The Practical Guide
Summary
Title: Cross-Site Scripting (XSS): The Practical Guide
Price: $74.99
Average Rating: 4.4
Number of Lectures: 37
Number of Published Lectures: 37
Number of Curriculum Items: 37
Number of Published Curriculum Objects: 37
Original Price: $22.99
Quality Status: approved
Status: Live
What You Will Learn
Who Should Attend
Target Audiences
About the course:
Welcome to this course on Cross-Site Scripting (XSS)! In this course, we explore one of the biggest risks facing web applications today.
I’ve spent months creating and collecting the best resources on XSS to put them in this course so that you can learn XSS in a fun, efficient, and practical manner.
We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored, and DOM-based. Then, we break down recent real-world case studies of XSS vulnerabilities from Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we create safe and legal lab environments to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver payloads that hook unsuspecting browsers and let you send commands to those browsers remotely.
From there, you can launch a number of different attacks from BeEF with command modules (ie: scan internal networks, deface websites, compromise routers, etc).
This is an important step because it demonstrates just how powerful a single, simple XSS payload can be, and why it’s critical that you defend your apps from this serious threat.
After that, we apply everything we’ve learned and pentest the OWASP Juice Shop starting with information gathering before exploiting all 3 types of XSS to complete challenges of varying difficulty.
Finally, we wrap up the course by discussing the most (and least) effective defensive controls including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat.
If you’re looking for a hands-on way of learning Cross-Site Scripting, this is your course!
Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications by providing a safe learning environment.
–
Topics we will cover together:
-
What Cross-Site Scripting (XSS) is and how it works
-
The 3 main types of XSS: Reflected, Persistent, and DOM-based
-
Recent real-world case studies of XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok
-
How to set up a lab environment with Kali Linux Virtual Machine for free
-
How to easily configure and create safe & legal lab environments using containers inside of Kali
-
How to get started with OWASP ZAP(a free alternative to Burp Suite)
-
XSS techniques with cheatsheets and references
-
How to use manually-crafted payloads to evade security filters
-
How to use automated tools to find successful XSS payloads (including ZAP, XSStrike, XSSer)
-
How to remotely control browsers with BeEF
-
How to gather information about your target in order to find potential vulnerabilities
-
How to perform XSS injections by hand with crafted requests using a proxy tool (ZAP)
-
How to use results from successful injections to exploit targets(ie: change a user’s password with a single URL via CSRF)
-
Effective (and ineffective) defensesagainst XSS
-
Side-by-side comparison of vulnerable and secure code
-
Cheatsheetsto protect your applications
-
Rules to follow in order to prevent XSS vulnerabilities for all 3 types of attacks
-
How to review code for XSS vulnerabilities
-
Recommended testing guides
–
Instructor
My name is Christophe Limpalair, and I have helped thousands of individuals pass IT certifications, learn how to use the cloud, and develop secure applications. I got started in IT at the age of 11 and unintentionally fell into the world of cybersecurity. Fast-forward to today, and I’ve co-founded a fast-growing cybersecurity community, Cybr, that also provides training resources.
As I developed a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently, and how to develop more secure applications.
I’ve taught certification courses such as the AWS Certified Developer, AWS Certified SysOps Administrator, and AWS Certified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), SQL Injection Attacks, Introduction to OS Command Injections, Lambda Deep Dive, Backup Strategies, and others.
Working with individual contributors as well as managers, I realized that most were also facing serious challenges when it came to cybersecurity.
Digging deeper, it became clear that there was a lack of training for AppSec specifically. As we explore in the course, XSS is far too common and can be devastating to organizations, regardless of their size.
It’s time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we’ll do just that!
I welcome you on your journey to learning more about XSS, and I look forward to being your instructor!
Course Curriculum
Chapter 1: Getting started
Lecture 1: About the course
Lecture 2: About the author
Chapter 2: What is Cross-Site Scripting (XSS)?
Lecture 1: XSS concepts
Lecture 2: XSS types
Lecture 3: Case studies
Chapter 3: Creating our lab environment
Lecture 1: Creating our lab environment
Chapter 4: Reflected XSS
Lecture 1: Manual attacks
Lecture 2: Automated attacks
Chapter 5: Stored (Persistent) XSS
Lecture 1: Manual attacks
Lecture 2: Automated attacks
Lecture 3: Case study: Stored XSS in image alt attribute (bug bounty)
Chapter 6: DOM-based XSS
Lecture 1: Manual attacks
Lecture 2: Automated attacks
Chapter 7: postMessage XSS
Lecture 1: postMessage explained
Lecture 2: postMessage XSS
Lecture 3: postMessage XSS demo lab
Lecture 4: postMessage XSS prevention
Chapter 8: Blind XSS
Lecture 1: What is blind XSS?
Lecture 2: XSS Hunter
Chapter 9: Using BeEF
Lecture 1: BeEF Setup
Lecture 2: BeEF walkthrough
Lecture 3: BeEF hook
Lecture 4: BeEF target exploitation
Chapter 10: Attacking a web application (OWASP Juice Shop)
Lecture 1: Information gathering
Lecture 2: DOM-based XSS attacks
Lecture 3: Reflected XSS attacks
Lecture 4: Persisted XSS attacks
Chapter 11: Defending against XSS
Lecture 1: Preventing XSS
Lecture 2: Vulnerable and safe code examples
Lecture 3: Reflected and Stored XSS Prevention Rules
Lecture 4: DOM XSS Prevention Rules
Lecture 5: Common problems with mitigating DOM-based XSS
Lecture 6: Bonus rules
Lecture 7: How to review code for XSS vulnerabilities
Lecture 8: OWASP testing guide
Chapter 12: Conclusion and additional resources
Lecture 1: Additional resources
Lecture 2: What now?
Instructors
Christophe Limpalair
Co-Founder of Cybr and developer at heart
Cybr Training
Were here to help you build your cybersecurity career
Rating Distribution
Frequently Asked Questions
How long do I have access to the course materials?
You can view and review the lecture materials indefinitely, like an on-demand channel.
Can I take my courses with me wherever I go?
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don’t have an internet connection, some instructors also let their students download course lectures. That’s up to the instructor though, so make sure you get on their good side!
- Random Picks
- Popular
- Hot Reviews
- Swift for Beginners Create your first iOS App with Swift
- Google Ads- From Bidding to Tracking your results
- MERN Stack - Hotel Booking App with React ,Node ,Mongo 2021
- Life Insurance Annuity Ultimate Buyer’s Guide
- Crypto Trading Mastery (Scalping, Day trading, price action)
- Personal Finance
- Company Valuation Financial Modeling
- Dibuja y Esculpe tu COVID para Impresión 3d en Blender 2.8X
- 1YouTube Masterclass The Best Guide to YouTube Success
- 2Photoshop CC- Adjustement Layers, Blending Modes Masks
- 3Personal Finance
- 4The Architecture of Oscar Niemeyer
- 5Advanced Photoshop Manipulations Tutorials Bundle
- 6SolidWorks Essential Training ( 2023 2024 )
- 7ZB Trading Cryptocurrency Price Action Course
- 8Python for Absolute Beginners
- 1Linux Performance Monitoring Analysis Hands On !!
- 2Content Writing Mastery 1- Content Writing For Beginners
- 3Media Training for PrintOnline Interviews-Get Great Quotes
- 4Learn Facebook Ads from Scratch Get more Leads and Sales
- 5The Complete Digital Marketing Course Learn From Scratch
- 6C#- Start programming with C# (for complete beginners)
- 7[FREE] How to code 10 times faster with Emmet
- 8Driving Results through Data Storytelling