Journey In The World of The XSS (W4) - Pentestmag

Learn the mechanics behind Cross-Site Scripting vulnerabilities and attacks.


Access to this course is restricted to PenTest Premium or IT Pack Premium subscribers.

Web application security is a very broad topic, ranging from technology-related issues to process-related issues. In brief, web application security consists of a series of procedures, good practices and effective countermeasures adopted by organizations, programmers and sysadmins in order to prevent a loss of Confidentiality, Integrity and Availability of a web application and of the information it manages. Today it is essential to address web application security because web applications have become mission critical: from the 70s to the late 90s companies ran their business on dedicated machines located inside the corporate network and accessed only through specialized client software and/or hardware; now they expose their critical systems through a web interface accessible by standard protocols (HTTP/HTTPS) and common clients (web browsers). In a typical multi-tier application the attack surface can be represented as follows:

  • Presentation tier: this tier represents the set of functionalities used to present the information to the end user. Elements of the attack surface for this layer are, for example, the HTML, the JavaScript code, Java applets, Flash applications, etc. Usually an attack on this layer targets the end user and exploits the trust relationship between the user and the web application components. The classical attack carried out through this layer is Cross-Site Scripting, and the workshop will cover this particular kind of attack;
  • Logic tier: this tier implements the business logic of the web application. Elements of the attack surface for this layer are, for example, poorly implemented functionalities that accept user input. Attacks on this layer target the web application itself or the user data managed by the web application through the vulnerable functionalities;
  • Data tier: this tier is often the most important one because it keeps the data valuable for the business. Elements of the attack surface for this layer are, for example, stored procedures and, more generally, the functionalities implemented to store and retrieve the information. Attacks on this layer target the information managed by the web application.

Threat agents have seized this opportunity, shifting their approach to attacking a company from sophisticated network attacks to more reliable web attacks. One of the reasons that leads a threat agent to attack a web application is that it offers multiple layers susceptible to several classes of attack.


After completing this course you will be able to:

  • Detect and exploit XSS vulnerabilities.
  • Understand the real risk behind this kind of vulnerability.
  • Impress your customers with an awesome Proof of Concept that goes far beyond the classic pop-up.


What will you learn in this workshop?



- Introduction to web application security
- Introduction to XSS Attacks
- Types of XSS
- Causes of XSS
- Risks that result from XSS attacks
- Useful Javascript functions to exploit XSS
- Test


- Detect the vulnerabilities that allow you to perform XSS attacks
- XSS Attack Vectors (HTTP/WEB Based)
- XSS Reflected VS Stored
- DOM based XSS
- How to trick users
- Write your first XSS exploit
- Test


- Introduction to XPS Attacks (Cross Protocol Scripting)
- XPS Attack Vectors
- Introduction to scapy
- Network Packet manipulation with scapy
- Detect the vulnerabilities that allow you to perform XPS attacks
- XPS practical example: linksys 0day introduction
- Test


- Introduction to XSS Filter evasion
- Filter evasion via "unusual" attack vector
- Filter evasion via character encoding
- Example of filter evasion
- Common tools useful during a pentest to perform XSS attacks
- Test

Your instructor: Francesco Perna

Questions? Reach out to us at [email protected]

Course Reviews


2 ratings
  • 5 stars: 0
  • 4 stars: 2
  • 3 stars: 0
  • 2 stars: 0
  • 1 star: 0
  1. anushka chhoker


    Very nice course.

  2. good but incomplete


    This course is a bit dated. It starts well with an interactive programming assignment at the end of the first module, but the final three modules all have ungraded “do-it-yourself” style assignments with no feedback. The content is good but has too many external references. It needs to be revamped to match current threats, and a more constructed hands-on approach would be my preference rather than a block of text to read. As it is, this is more of a very interesting article/ebook than an actual learning environment.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023