Workshop's eBook: Journey In The World of The XSS. The mechanics behind Cross-Site Scripting vulnerabilities and attacks.

Table of Contents:

The mechanics behind Cross-Site Scripting vulnerabilities and attacks.

During the eBook we will show how to use the burp suite and other tools in order to detect and exploit the vulnerabilities.

How to detect and exploit the vulnerabilities behind this kind of attacks and how to make a Proof of Concept that can make your customers understand the risks they are exposed to?
How to detect and exploit the vulnerabilities behind this kind of attack over protocols different from HTTP?
How to use the network protocol analyzer and the packet manipulation software in order to detect and exploit the vulnerabilities?

Topics:

• Web application securityXSS Attacks
• Types of XSS
• Causes of XSS
• Risks that result from XSS attacks
• Useful Javascript functions to exploit XSS
• Detect the vulnerabilities that allow you to perform XSS attacks
• XSS Attack Vectors (HTTPWEB Based)
• XSS Reflected VS Stored
• DOM based XSS
• How to trick users
• Write your first XSS exploit
• XPS Attacks (Cross Protocol Scripting)
• XPS Attack Vectors
• Network Packet manipulation with scapy
• Detect the vulnerabilities that allow you to perform XPS attacks
• XPS practical example: linksys 0day introduction
• Introduction to XSS Filter evasion
• Filter evasion via “unusual” attack vector
• Filter evasion via character encoding
• Example of filter evasion
• Common tools useful during a pentest to perform XSS attacks

Visit the original course:

Taking part in the course will get you:

• More material;
• Instructor's guidance;
• Exercises and challenges;
• Open discussion with the instructor and other students;
• Certificate of Completion.

COURSES >>