Study Learn Grow
Cross Site Scripting: Attack & Defense


The course is specifically designed to understand Cross Site Scripting Vulnerability with a complete Practical Hands-On Experience. This course will train the students to set up their own local penetration testing environment to practice in a safe and contained environment. The students will learn what Cross Site Scripting Vulnerability really is, and how different types of XSS work. Then they will follow an Attacking Approach to deeply understand how XSS attacks happen in real life. They will learn to use different vulnerability scanners to find XSS vulnerabilities. They will also learn to prevent and restrict XSS attacks by using methods like Escaping User Input, Content Security Policy, etc., thus following a Defensive Approach, hence the name of the course: “Cross Site Scripting: Attack & Defense”. Last but not least, they will learn to use different cheat sheets to evade WAFs and Firewalls, and also to prevent XSS attacks by implementing secure coding practices and proper handling of untrusted data.

Course Information

The course is designed for a Beginner/Intermediate level

Good Knowledge of HTML and JavaScript (Basic HTML tags, JavaScript Functions)
Basic Knowledge of HTTP Client-Server Architecture (How a client sends a request and a server sends a response back to the client)
Basic Knowledge of Linux Commands and tools (Moving a file, Copying a file, Starting Services, etc.)
Optional Knowledge of a Server Side Programming Language like PHP
OWASP Top 10 (Not Mandatory)
Understanding of Virtualization Software like VMware/VirtualBox (Not Mandatory)

Complete Practical Hands-On Experience on Every Topic

Setup Lab Environment and test for XSS Vulnerability
Cross Site Scripting Fundamentals
How Different Types of Cross Site Scripting Work
Perform Different Cross Site Scripting Attacks - Phishing, Cookie Stealing & Session Hijacking
Use Automated Scanners like Wapiti, Uniscan, OWASP ZAP, Burp Suite Pro to find and exploit XSS and to generate a detailed report
Difference between Passive and Active Scan
Apply Security Measures
Prevent or Restrict XSS using different Defensive Solutions - Escaping User Input, Content Security Policy, Using Appropriate Sources and Sinks, etc.
Difference between Blacklisting and Whitelisting Approach
Use Filter Evasion Cheat Sheets to bypass WAFs and Firewalls, and Prevention Cheat Sheets to implement secure coding practices, and learn proper handling of untrusted data
Use different libraries and modules to add an extra security layer in web applications

CyberSecurity Enthusiasts
Bug Hunters
Web Application Penetration Testers
Web Developers
Security Researchers

• Lifetime Access to Each Course
• Certificate on Completion of Course
• No Extra Charges Or Admin Fees
• Easy Access to Courses
• High Priority Support After Sales.
• Big Discounts on Individual Courses

Course Specifications

Numerous Cyber Security courses include ethical hacking, CompTIA and forensics. 

Adult education is the non-credential activity of gaining skills and improved education. 

Online education is electronically supported learning that relies on the Internet for teacher/student interaction. 

A short course is a learning programme that gives you combined content or specific skills training in a short period of time. Short courses often lean towards the more practical side of things and have less theory than a university course – this gives you a more hands-on experience within your field of interest.

Course duration is 24 hours.
