Case Studies of Award-Winning XSS Attacks: Part 2 [Video]

More Information
Learn
  • Understand the XSS
  • Understand the modern web applications vulnerabilities
About

This course is the follow-up to one of my previous courses – "Case Studies of Award-Winning XSS Attacks: Part 1". We will continue our XSS hunting journey and you will learn about more award-winning XSS attacks.

Cross-site scripting (XSS) is one of the most widespread and dangerous vulnerabilities in modern web applications. It turns out that you can get a 4-digit reward ($$$$) per single XSS in bug bounty programs, which is just amazing. There are many people hunting for XSS, but only a few of them are successful. What makes them successful? They focus on non-standard XSSs and this is exactly what I present in this course!

In Part 2, of Case-Studies of Award-Winning XSS Attacks, you will learn about the following non-standard XSS attacks:

  • XSS via XML
  • XSS via location.href
  • XSS via VBScript
  • From XSS to Remote Code Execution

For every single bug, there is a DEMO so that you can see how to find these bugs step-by-step in practice.

Do you want to become a successful XSS hunter? Let’s enroll in this course and continue our exciting journey.

If you are interested in more award-winning XSS attacks, then I also recommend you to see the course "Case-Studies of Award-Winning XSS Attacks: Part 1".

Style and Approach

This course is designed in such a way that each section will cover a new scenario and a step by step approach to help you learn and understand the concept.

Features
  • Understand XSS
  • Use XSS with new and updated
Course Length 43 minutes
ISBN 9781838825607
Date Of Publication 24 Apr 2019

Authors

Dawid Czagan

Dawid Czagan is listed among Top 10 Hackers (among more than 100,000 registered hackers at HackerOne). He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid Czagan shares his security bug hunting experience in his hands-on training “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector.

Dawid Czagan is a founder and CEO at Silesia Security Lab – a company which delivers specialized security testing and training services.

To find out about his latest works, you can follow him on

Linkedin: https://www.linkedin.com/in/dawid-czagan-85ba3666/en

Twitter: https://twitter.com/dawidczagan

Official website: https://silesiasecuritylab.com/200000-in-bug-bounty-programs-award-winning-bugs-in-facebook-google-coinbase-and-more/