Case Studies of Award-Winning XSS Attacks: Part 2 [Video]

More Information
  • Learn How Hackers Earn a 4-digit Reward ($$$$) per Single XSS
  • Discover How to Find These XSSs Step-by-step in Practice (DEMOS)

Cross-site scripting (XSS) is one of the most widespread and dangerous vulnerabilities in modern web applications.

Interestingly, you can even get a 4-digit reward ($$$$) per single XSS in bug bounty programs. Although many people hunt for XSS, only a few of them are actually successful. What makes them succeed? They focus on non-standard XSSs, and this is exactly what you’ll learn in this course.

If you’ve already caught up with Case Studies of Award-Winning XSS Attacks: Part 1, get ready to build on your knowledge with the second course in this series - Case Studies of Award-Winning XSS Attacks: Part 2. With this course, you will get up to speed with XSS hunting and some more award-winning XSS attacks that will help you develop your skills.

You’ll explore a variety of non-standard XSS attacks, right from XSS via XML and XSS via location.href, through to XSS via VBScript and XSS to Remote Code Execution. The course also features a demo for every single bug, which will help you understand how to find bugs in a step-by-step manner. All along, the course will guide you through the vulnerabilities in modern web applications that will further build on your knowledge.

By the end of this course, you will be well-versed with the important XSS attacks and have developed the skills you need to become a successful XSS hunter.

  • Become a Successful Bug Hunter
  • Learn From One of The Top Hackers at HackerOne
Course Length 0 hours 43 minutes
ISBN 9781838825607
Date Of Publication 25 Apr 2019


Dawid Czagan

Dawid Czagan is listed among Top 10 Hackers (among more than 100,000 registered hackers at HackerOne). He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid Czagan shares his security bug hunting experience in his hands-on training “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector. Dawid Czagan is a founder and CEO at Silesia Security Lab – a company which delivers specialized security testing and training services. To find out about his latest works, you can follow him on Linkedin: Twitter: Official website: