Learning Path: Application Security Essentials
Attacking and Defending Cross-Site Scripting (XSS)
Client-side attacks are totally different from server-side ones because they rely on the attack being initiated from the user’s device. This creates a whole new set of problems for security teams to deal with, and developers need to change their remediation strategies, too.
In this course, we take an exclusive look at Cross-Site Scripting attacks, and why they’re such a big deal. We start with an introduction to client-side attacks, and how they evolved from the time of MySpace malware. In the next 2 modules, we look extensively at techniques used to attack applications with XSS using hands-on lab exercises, as well as tried-and-tested methods for defending against them.
A majority of your learning will be done practically, using labs to simulate real-world development and attack scenarios. This gives you an opportunity to learn first-hand the actual AppSec strategies you’ll be using to secure web applications. We’ve compiled our learning material from across our entire team, and it’s the result of years of security testing experience, knowledge, and original research.
Proficiency: Beginner
Audience: Application Security
Course Duration: 4 hours
19 lessons
5 Cloud Labs
Course Outline
Introduction
- Course Introduction
- Course Pre-requisites
XSS Overview
- XSS – Introduction and Overview
- XSS – Types of Attacks
- Popular XSS Attacks
Content-Security-Policy
- Content-Security-Policy: An Introduction
- Bypassing Content-Security-Policy
- Advanced Controls: Content-Security-Policy
Input Validation
- Introduction to Input Validation
- Validation Approaches – Part 1
- Validation Approaches – Part 2
- Validation Serialized Datasets: JSON