• Online, Self-Paced
Course Description

Description The course is specifically designed to understand Cross Site Scripting Vulnerability with a complete Practical Hands-On Experience. This course will train the students to setup their own local penetration testing environment to practice in a safe and contained environment. The students will learn what Cross Site Scripting Vulnerability really is, and how different types of XSS works? Then they will follow an Attacking Approach to deeply understand how XSS attacks happen in real life. They will learn to use different vulnerability scanners to find XSS vulnerabilities. They will also learn to prevent and restrict XSS attacks by using methods like - Escaping User Input, Content Security Policy, etc, thus following a Defensive Approach, hence then name of the course: “Cross Site Scripting: Attack & Defense”, and last but not the least, they will learn to use different cheat sheets to evade WAFs and Firewalls, and also to prevent XSS attacks by implementing secure coding practices and proper handling of untrusted data.

Learning Objectives

Complete Practical Hands-On Experience on Every Topic Setup Lab Environment and test for XSS Vulnerability Cross Site Scripting Fundamentals How different types of Cross Site Scripting Works? Perform Different Cross Site Scripting Attacks - Phishing, Cookie Stealing & Session Hijacking Use Automated Scanners like Wapiti, Uniscan, OWASP ZAP, Burp Suite Pro, to find and exploit XSS and to generate a detailed report Difference between Passive and Active Scan Apply Security Measures Prevent or Restrict XSS using different Defensive Solutions - Escaping User Input, Content Security Policy, Using Appropriate Sources and Sinks, etc. Difference between BlackListing and WhiteListing Approach Use Filter Evasion Cheat Sheets to bypass WAFs and Firewalls, and Prevention Cheat Sheets to implement secure coding practices,and learn proper handling of untrusted data Use different libraries and modules to add an extra security layer in web applications

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.