Website Security Testing training – Module 4

Website Security Testing training – Module 4

As mentioned previously, I’m doing an online training course – Web Application Penetration Testing – from ELearnSecurity.

Module 4 – Cross Site Scripting (XSS)

Module 4 covers XSS, one of the oldest types of hacks which is still top of the OWASP Top 10. XSS is classified as an input validation attack, where attacks are triggered from user input. XSS can result in cookie stealing, website defacement, phishing, malware installs and XSS worms.

It covers the following:

  • Example XSS attack scenarios
  • Reflected XSS
  • Persistent XSS
  • DOM-based XSS
  • Finding XSS exploits
  • Finding XSS in PHP code
  • XSS Exploitation
  • XSS & different browsers
  • XSS attacks