Cross Site Scripting: Attack & Defense

Learn about Cross Site Scripting Attacks and how to Prevent them

Created by: Tejaswa Rastogi
Penetration Tester and Security Researcher

What Will I Learn?

• Setup Lab Environment and test for XSS Vulnerability
• Cross Site Scripting Fundamentals
• How different types of Cross Site Scripting Works?
• Perform Different Cross Site Scripting Attacks - Phishing, Cookie Stealing & Session Hijacking
• Use Automated Scanners like Wapiti, Uniscan, OWASP ZAP, Burp Suite Pro, to find and exploit XSS and to generate a detailed report
• Difference between Passive and Active Scan
• Apply Security Measures
• Prevent or Restrict XSS using different Defensive Solutions - Esccaping User Input, Content Security Policy, Using Appropriate Sources and Sinks, etc.
• Difference between BlackListing and WhiteListing Approach
• Use Filter Evasion Cheat Sheets to bypass WAFs and Firewalls, and Prevention Cheat Sheets to implement secure coding practices,and learn proper handling of untrusted data
• Use different libraries and modules to add an extra security layer in web applications

Requirements

• Good Knowledge of HTML and JavaScript (Basic HTML tags, JavaScript Functions)
• Basic Knowledge of HTTP Client-Server Architecture (How a client sends a request and a server sends a response back to the client?)
• Basic Knowledge of Linux Commands and tools (Moving a file, Copying a file, Starting Services etc.)
• Optional Knowledge of Server Side Programming Language like PHP
• OWASP top 10 (Not Mandatory)
• Understanding of Virtualization Softwares like VMware/VirtualBox (Not Mandatory)

Target audience

• CyberSecurity Enthusiasts
• Bug Hunters
• Web Application Penetration Testers
• Web Developers
• Security Researchers