Course curriculum

  • 01

    Section 1: What is XSS?

    • 2. What is XSS?

    • Quiz 1: What is XSS

  • 02

    Section 2: The XSS Contexts

    • 3. HTML Context

    • 4. Labs: HTML Context

    • 5. HTML Comment Context

    • 6. Labs: HTML Comment

    • 7. HTML Tag Attribute Injection

    • 8. Labs: HTML Tag Attribute Injection

    • 9. JS Injection

    • 10. Labs: JS Injection

  • 03

    Section 3: Reflected XSS

    • 11. Reflected XSS

    • 12. Labs: GET Reflected XSS

  • 04

    Section 4: Stored XSS

    • 13. Stored XSS

    • Practice Test 1: Stored XSS

  • 05

    Section 5: XSS Filter Evasion Techniques

    • 14. XSS Filter Evasion Techniques

  • 06

    Section 6: VB XSS

    • 15. VB XSS

  • 07

    Section 7: DOM XSS

    • 16. DOM XSS

  • 08

    Section 8: XSS - Filter Evasions - Lab Solutions

    • 17. Labs link

    • 18.php

    • 19. 12

    • 20. 13

    • 21. 14

    • 22. 15

    • 23. 16

    • 24. 17

    • 25. 20

    • 26. 21

    • 27. 22

    • 28. 23

    • 29. 24

    • 30. 25

    • 31. 27

    • 32. 30

    • 33. 31

    • 34. 32

    • 35. 33

    • 36. 34

    • 37. 35

    • 38. 36

  • 09

    Section 9: CSP - Content Security Protection AKA why is my JS not Executing?

    • 39. What is CSP?

    • 40. CSP Labs

    • 41. CSP Labs solution

    • Assignment 1: Let's build some CSP

  • 10

    Section 10: Advanced XSS Techniques

    • 42. Advanced XSS Techniques

  • 11

    Section 11: WAF Evasion

    • 43. WAF evasion

  • 12

    Section 12: CSS XSS

    • 44. CSS XSS

  • 13

    Section 13: Analyzing JS Files

    • 45. Analyzing JS files

  • 14

    Section 14: XSS Cheat Sheet

    • 46. XSS Cheat Sheet

  • 15

    Section 15: Labs

    • Assignment 2: Let's take what we learned into practice

    • Labs: Reflected POST XSS

    • Labs: Reflected GET XSS

    • Basic XSS Filter bypasses

  • 16

    Section 16: XSS Attacks Demonstrated

    • 47. The anatomy of an XSS attack vector

    • 48. Hacktivity explained

    • 49. XSS via reflected canonical tags on the PortSwigger labs

    • 50. XSS passive testing methodology demonstrated

    • 51. XSS CSP Bypass

    • 52. HTML5 XSS attack vectors explained

    • 53. XSS Tag and event filter evasion techniques with Burp Suite

    • 54. XSS through Iframe injection