Udemy - Cross-Site Scripting (XSS): The 2021 Guide
- CategoryOther
- TypeTutorials
- LanguageEnglish
- Total size2.1 GB
- Uploaded Bytutsnode
- Downloads170
- Last checkedDec. 28th '20
- Date uploadedDec. 25th '20
- Seeders 18
- Leechers9
Description
About the course:
Welcome to this course on Cross-Site Scripting (XSS)! In this course, we explore one of the biggest risks facing web applications today.
I’ve spent months creating and collecting the best resources on XSS to put them in this course so that you can learn XSS in a fun, efficient, and practical manner.
We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored, and DOM-based. Then, we break down recent real-world case studies of XSS vulnerabilities from Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we create safe and legal lab environments to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver payloads that hook unsuspecting browsers and let you send commands to those browsers remotely.
From there, you can launch a number of different attacks from BeEF with command modules (ie: scan internal networks, deface websites, compromise routers, etc…).
This is an important step because it demonstrates just how powerful a single, simple XSS payload can be, and why it’s critical that you defend your apps from this serious threat.
After that, we apply everything we’ve learned and pentest the OWASP Juice Shop starting with information gathering before exploiting all 3 types of XSS to complete challenges of varying difficulty.
Finally, we wrap up the course by discussing the most (and least) effective defensive controls including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat.
If you’re looking for a hands-on way of learning Cross-Site Scripting, this is your course!
Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications by providing a safe learning environment.
———————–
Topics we will cover together:
What Cross-Site Scripting (XSS) is and how it works
The 3 main types of XSS: Reflected, Persistent, and DOM-based
Recent real-world case studies of XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok
How to set up a lab environment with Kali Linux Virtual Machine for free
How to easily configure and create safe & legal lab environments using containers inside of Kali
How to get started with OWASP ZAP (a free alternative to Burp Suite)
XSS techniques with cheatsheets and references
How to use manually-crafted payloads to evade security filters
How to use automated tools to find successful XSS payloads (including ZAP, XSStrike, XSSer)
How to remotely control browsers with BeEF
How to gather information about your target in order to find potential vulnerabilities
How to perform XSS injections by hand with crafted requests using a proxy tool (ZAP)
How to use results from successful injections to exploit targets (ie: change a user’s password with a single URL via CSRF)
Effective (and ineffective) defenses against XSS
Side-by-side comparison of vulnerable and secure code
Cheatsheets to protect your applications
Rules to follow in order to prevent XSS vulnerabilities for all 3 types of attacks
How to review code for XSS vulnerabilities
Recommended testing guides
———————–
Instructor
My name is Christophe Limpalair, and I have helped thousands of individuals pass IT certifications, learn how to use the cloud, and develop secure applications. I got started in IT at the age of 11 and unintentionally fell into the world of cybersecurity. Fast-forward to today, and I’ve co-founded a fast-growing cybersecurity community, Cybr, that also provides training resources.
As I developed a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently, and how to develop more secure applications.
I’ve taught certification courses such as the AWS Certified Developer, AWS Certified SysOps Administrator, and AWS Certified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), SQL Injection Attacks, Introduction to OS Command Injections, Lambda Deep Dive, Backup Strategies, and others.
Working with individual contributors as well as managers, I realized that most were also facing serious challenges when it came to cybersecurity.
Digging deeper, it became clear that there was a lack of training for AppSec specifically. As we explore in the course, XSS is far too common and can be devastating to organizations, regardless of their size.
It’s time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we’ll do just that!
I welcome you on your journey to learning more about XSS, and I look forward to being your instructor!
Who this course is for:
Web Developers
Pentesters
Software Developers
Application Security Engineers
IT Managers
Risk Analysts
Security Analysts
IT Students
Requirements
Experience with JavaScript
Experience working with web applications
A desire to learn!
Last Updated 12/2020
Files:
Cross-Site Scripting (XSS) The 2021 Guide [TutsNode.com] - Cross-Site Scripting (XSS) The 2021 Guide 04 Reflected XSS- 008 Automated attacks.mp4 (167.9 MB)
- 007 Manual attacks.en.srt (24.3 KB)
- 007 Manual attacks.mp4 (143.1 MB)
- 008 Automated attacks.en.srt (24.2 KB)
- 001 About the course.en.srt (4.0 KB)
- 001 About the course.mp4 (27.8 MB)
- 002 About the author.en.srt (3.8 KB)
- 002 About the author.mp4 (38.2 MB)
- 003 XSS concepts.en.srt (11.4 KB)
- 003 XSS concepts.mp4 (42.2 MB)
- 004 XSS types.en.srt (17.8 KB)
- 004 XSS types.mp4 (57.5 MB)
- 005 Case studies.html (15.2 KB)
- 006 Creating our lab environment.en.srt (14.7 KB)
- 006 Creating our lab environment.mp4 (111.5 MB)
- 009 Manual attacks.en.srt (14.7 KB)
- 009 Manual attacks.mp4 (84.5 MB)
- 010 Automated attacks.en.srt (8.0 KB)
- 010 Automated attacks.mp4 (55.1 MB)
- 011 Manual attacks.en.srt (14.1 KB)
- 011 Manual attacks.mp4 (90.0 MB)
- 012 Automated attacks.html (3.0 KB)
- 013 What is blind XSS_.en.srt (6.3 KB)
- 013 What is blind XSS_.mp4 (29.4 MB)
- 014 XSS Hunter.en.srt (14.2 KB)
- 014 XSS Hunter.mp4 (93.0 MB)
- 015 BeEF Setup.en.srt (8.8 KB)
- 015 BeEF Setup.mp4 (54.7 MB)
- 016 BeEF walkthrough.en.srt (16.1 KB)
- 016 BeEF walkthrough.mp4 (76.7 MB)
- 017 BeEF hook.en.srt (6.3 KB)
- 017 BeEF hook.mp4 (45.6 MB)
- 018 BeEF target exploitation.en.srt (27.0 KB)
- 018 BeEF target exploitation.mp4 (140.9 MB)
- 019 Information gathering.en.srt (22.9 KB)
- 019 Information gathering.mp4 (150.2 MB)
- 020 DOM-based XSS attacks.en.srt (17.7 KB)
- 020 DOM-based XSS attacks.mp4 (108.5 MB)
- 021 Reflected XSS attacks.en.srt (12.8 KB)
- 021 Reflected XSS attacks.mp4 (95.1 MB)
- 022 Persisted XSS attacks.en.srt (19.5 KB)
- 022 Persisted XSS attacks.mp4 (129.4 MB)
- 023 Preventing XSS.en.srt (11.4 KB)
- 023 Preventing XSS.mp4 (36.1 MB)
- 024 Vulnerable and safe code examples.en.srt (19.1 KB)
- 024 Vulnerable and safe code examples.mp4 (90.0 MB)
- 025 Reflected and Stored XSS Prevention Rules.en.srt (18.9 KB)
- 025 Reflected and Stored XSS Prevention Rules.mp4 (72.8 MB)
- 026 DOM XSS Prevention Rules.en.srt (12.4 KB)
- 026 DOM XSS Prevention Rules.mp4 (59.7 MB)
- 027 Common problems with mitigating DOM-based XSS.en.srt (5.9 KB)
- 027 Common problems with mitigating DOM-based XSS.mp4 (17.7 MB)
- 028 Bonus rules.en.srt (8.7 KB)
- 028 Bonus rules.mp4 (34.4 MB)
- 029 How to review code for XSS vulnerabilities.en.srt (6.6 KB)
- 029 How to review code for XSS vulnerabilities.mp4 (26.6 MB)
- 030 OWASP testing guide.en.srt (14.9 KB)
- 030 OWASP testing guide.mp4 (60.8 MB)
- 031 Additional resources.html (4.8 KB)
- 032 What now_.html (4.5 KB)
- TutsNode.com.txt (0.1 KB)
- [TGx]Downloaded from torrentgalaxy.to .txt (0.6 KB)
Code:
- udp://inferno.demonoid.pw:3391/announce
- udp://tracker.openbittorrent.com:80/announce
- udp://tracker.opentrackr.org:1337/announce
- udp://torrent.gresille.org:80/announce
- udp://glotorrents.pw:6969/announce
- udp://tracker.leechers-paradise.org:6969/announce
- udp://tracker.pirateparty.gr:6969/announce
- udp://tracker.coppersurfer.tk:6969/announce
- udp://ipv4.tracker.harry.lu:80/announce
- udp://9.rarbg.to:2710/announce
- udp://shadowshq.yi.org:6969/announce
- udp://tracker.zer0day.to:1337/announce