Heard of XSS but not quite sure what it is? With this course, you’ll not only learn the 3 major types, but you’ll compromise sample apps and learn how to defend your applications against one of the most serious threats facing web apps today.
Covering concepts is important, but applying those concepts is even more important. This course has about 30% concepts and 70% practical.
Learn about the different types of XSS attacks
There are 3 main types of XSS attacks: reflected, stored (or persisted), and DOM-based. Each type has differences that are important to understand because they change how you approach both attacking and defending an application.
We take a look at real-world XSS findings at companies like Tesla, Google, Airbnb, and Facebook, reported through bug bounties that resulted in tens of thousands of dollars in payouts. For example, one of the case studies was a Blind XSS from a Tesla Model 3. Super cool.
After you’ve learned the concepts of XSS, it’s time to get practical. In this section of the course, we apply the concepts we’ve learned to practice finding vulnerabilities, crafting successful payloads, and exploiting vulnerabilities. We’ll even use the popular exploitation framework called BeEF to hook a simulated victim and control their browser remotely.
In the last section of the course, we learn best practices and techniques to defend against the three types of XSS attacks. We take a side-by-side look at vulnerable versus secure code, we review in-depth cheat sheets and rules, as well as recommended code review techniques.