All in One Offer! | Access Unlimited Courses in any category starting at just $29. Signup today. Offer Ends in: 3 Days!

Browse Library

Get Unlimited Learning Access
3 days left at this price!
30-Day Money-Back Guarantee

It Includes

  • Get Full Access to the platform
  • Access to 16000+ online courses
  • High Quality Recorded Lectures
  • Learn Online from Mobile/PC/Tablet
  • Assignments & Projects
  • Online iLab Access
  • Certificate of Completion
  • Download for offline viewing
  • Free Instructor Support
  • Access valid for 1 user only
  • Cancel Anytime
  • Setup Lab Environment and test for XSS Vulnerability
  • Cross Site Scripting Fundamentals
  • How different types of Cross Site Scripting Works?
  • Perform Different Cross Site Scripting Attacks - Phishing, Cookie Stealing & Session Hijacking
  • Use Automated Scanners like Wapiti, Uniscan, OWASP ZAP, Burp Suite Pro, to find and exploit XSS and to generate a detailed report
  • Difference between Passive and Active Scan
  • Apply Security Measures
  • Prevent or Restrict XSS using different Defensive Solutions - Esccaping User Input, Content Security Policy, Using Appropriate Sources and Sinks, etc.
  • Difference between BlackListing and WhiteListing Approach
  • Use Filter Evasion Cheat Sheets to bypass WAFs and Firewalls, and Prevention Cheat Sheets to implement secure coding practices,and learn proper handling of untrusted data
  • Use different libraries and modules to add an extra security layer in web applications

The course is specifically designed to understand Cross Site Scripting Vulnerability with a complete Practical Hands-On Experience. This course will train the students to setup their own local penetration testing environment to practice in a safe and contained environment. The students will learn what Cross Site Scripting Vulnerability really is, and how different types of XSS works? Then they will follow an Attacking Approach to deeply understand how XSS attacks happen in real life. They will learn to use different vulnerability scanners to find XSS vulnerabilities. They will also learn to prevent and restrict XSS attacks by using methods like - Escaping User Input, Content Security Policy, etc, thus following a Defensive Approach, hence then name of the course: “Cross Site Scripting: Attack & Defense”, and last but not the least, they will learn to use different cheat sheets to evade WAFs and Firewalls, and also to prevent XSS attacks by implementing secure coding practices and proper handling of untrusted data.

  • Good Knowledge of HTML and JavaScript (Basic HTML tags, JavaScript Functions)
  • Basic Knowledge of HTTP Client-Server Architecture (How a client sends a request and a server sends a response back to the client?)
  • Basic Knowledge of Linux Commands and tools (Moving a file, Copying a file, Starting Services etc.)
  • Optional Knowledge of Server Side Programming Language like PHP
  • OWASP top 10 (Not Mandatory)
  • Understanding of Virtualization Softwares like VMware/VirtualBox (Not Mandatory)
  • CyberSecurity Enthusiasts
  • Bug Hunters
  • Web Application Penetration Testers
  • Web Developers
  • Security Researchers
View More...
  • Section 1 : Introduction 1 Lectures 00:05:50

    • Lecture 1 :
  • Section 2 : Lab Setup 1 Lectures

    • Lecture 1 :
    • 2 - Installing and Configuring DVWA
  • Section 3 : XSS Fundamentals and Different Types 4 Lectures

    • Lecture 1 :
    • 3 - Introduction to Cross Site Scripting
    • Lecture 2 :
    • 4 - Stored XSS
    • Lecture 3 :
    • 5 - Reflected XSS
    • Lecture 4 :
    • 6 - DOM Based XSS
  • Section 4 : XSS Attacks 2 Lectures

    • Lecture 1 :
    • 7 - Cookie Stealing with XSS
    • Lecture 2 :
    • 8 - Phishing Attack
  • Section 5 : Scanning for XSS 5 Lectures

    • Lecture 1 :
    • 9 - Wapiti Vulnerability Scanner
    • Lecture 2 :
    • 10 - Uniscan Vulnerability Scanner
    • Lecture 3 :
    • 11 - Finding XSS with OWASP ZAP - Part 1
    • Lecture 4 :
    • 12 - Finding XSS with OWASP ZAP - Part 2
    • Lecture 5 :
    • 13 - Finding XSS with Burp Suite Pro
  • Section 6 : XSS Prevention 4 Lectures

    • Lecture 1 :
    • 14 - Escaping User Input
    • Lecture 2 :
    • 15 - Content Security Policy - Part 1
    • Lecture 3 :
    • 16 - Content Security Policy - Part 2
    • Lecture 4 :
    • 17 - Preventing DOM Based XSS
  • Section 7 : Cheat Sheets 1 Lectures

    • Lecture 1 :
    • 18 - Cheat Sheets
  • Section 8 : Libraries and Modules 1 Lectures

    • Lecture 1 :
    • 19 - Libraries and Modules
  • How do i access the course after purchase?

    Once you purchase a course (Single course or Subscription), you will be able to access the courses instantly online by logging into your account. Use the user name & password that you created while signing up. Once logged in, you can go to the "My Courses" section to access your course.
  • Are these video based online self-learning courses?

    Yes. All of the courses comes with online video based lectures created by certified instructors. Instructors have crafted these courses with a blend of high quality interactive videos, lectures, quizzes & real world projects to give you an indepth knowledge about the topic.
  • Can i play & pause the course as per my convenience?

    Yes absolutely & thats one of the advantage of self-paced courses. You can anytime pause or resume the course & come back & forth from one lecture to another lecture, play the videos mulitple times & so on.
  • How do i contact the instructor for any doubts or questions?

    Most of these courses have general questions & answers already covered within the course lectures. However, if you need any further help from the instructor, you can use the inbuilt Chat with Instructor option to send a message to an instructor & they will reply you within 24 hours. You can ask as many questions as you want.
  • Do i need a pc to access the course or can i do it on mobile & tablet as well?

    Brilliant question? Isn't it? You can access the courses on any device like PC, Mobile, Tablet & even on a smart tv. For mobile & a tablet you can download the Learnfly android or an iOS app. If mobile app is not available in your country, you can access the course directly by visting our website, its fully mobile friendly.
  • Do i get any certification after completing the course?

    Yes. Once you succesfully complete any course on Learnfly marketplace, you get a certiifcate of course completion emailed to you within 24 hours with your name & the Learnfly badge. You can definately brag about it & share it on your social media or with friends as one of your achievement. Click here to view the sample certificate Click Here
  • For how long can i access my course after the purchase?

    If you buy a single course, that course is accessible to you for a lifetime. If you go for a premium subcription, you can access all the courses on Learnfly marketplace till your subscription is Active.
  • Whats the difference between Single Course Purchase & Go Premium option?

    With Single Course Purchase, you only get an access of one single course. Whereas, with premium monhtly or annual subscription, you can access all the existing or new courses on learnfly marketplace. You can decide what option suits you the best and accordingly you can make your purchase.
  • Is there any free trial?

    Currently, we don't have any free trial but it may be available in near future.
  • What is the refund policy?

    We would hate you to leave us. However, if you are not satisfied, you can ask for a full refund within 30 days & we will be happy to assist you further.

Tejaswa Rastogi,

- Penetration Tester - Blockchain Security Researcher - Founder | RazzorSec - Malware Analyst - Adversarial ML Researcher
View More...
  • learn-nxtgen-hacking-with-technology

    Learn NxtGen Hacking with Technolog...

    By : Gopikrishna C

    Lecture 80
  • tcp-ip-the-complete-course

    TCP/IP: The Complete Course

    By : Lazaro (Laz) Diaz

    Lecture 17
  • voip-configuration-and-attacking-hacking

    VoIP Configuration and Attacking (H...

    By : Arpit Mittal

    Lecture 6
  • cissp-certification-introduction

    CISSP- Certification Introduction


    Lecture 18
  • practical-blockchain-smart-contracts-ethereum-solidity

    Practical Blockchain & Smart Contra...

    By : Abhilash Nelson

    Lecture 40
  • complete-ethical-hacking-penetration-testing-for-web-apps

    Complete Ethical Hacking & Penetrat...

    By : Abhilash Nelson

    Lecture 30
Signup & Continue Checkout
By signing up, you agree to our Terms of Use and Privacy Policy
Create New Password
Enter your email address and we'll send you a link to reset your password.