Cross-Site Scripting

Course Description

In this course, we will discuss Stored (sometimes called persistent), Reflected, and DOM-Based XSS attacks. This is a skill-based course, so we will include a hands-on lab. This course will begin with lecture material on what cross-site scripting is, how the different attacks work, and ways to protect against them. Students will also complete an assessment at the conclusion of the course. Instructions for the assessment will be found in the conclusion module.

This training is an introductory course in Cross-Site Scripting (XSS), a widespread cyberattack type. Students in this training will learn what XSS is, the different types of attacks and how they work, and methods that work to protect against them.

Cross-site scripting is a client-side code injection cyberattack. The hacker’s goal in cross-site scripting is to execute malicious scripts in the victim’s web browser by including malicious code in a legitimate web page or web application. The attack happens when the victim visits the application or web page that executes the malicious code. In other words, the web application or page is the means to deliver the malicious script to the victim’s browser. It’s common for this type of attack to use message boards, forums, and web pages that allow users to make comments.

Cross-site scripting attacks and attackers can cause significant damage to victims, whether they are individuals or organizations. Attackers use three different types of XSS attacks:

There are various ways that the above types of attacks can impact the victim, from stealing and using personal data or funds, to changing how a website looks in an offensive manner.

One of the most common XSS attacks is account hijacking. This happens when hackers hijack legitimate user accounts by stealing session cookies. This allows hackers to assume the victim’s identity and access sensitive data or functionality as the victim.

Another practical XSS attack occurs when the attacker uses JavaScript or HTML to steal user credentials, rather than their cookies. Yet another powerful and impactful type of XSS attack is using cross-site scripting to exfiltrate sensitive data (such as personal identifiable data or cardholder information) to perform unauthorized operations, like stealing funds.

There are other types of attacks in which attackers use XSS as well. These include keyloggers, in which the attacker gains access to the user’s keystrokes on a vulnerable page

port scans, in which port scans are initiated against the internal network of a client that accesses a vulnerable website

and website defacement, in which hackers actually change the appearance of website.

In this XSS training, students will learn about what XSS is, how these types of attacks happen and the impact they cause, and ways to mitigate this popular type of attack. The course is an introduction, so the basics will be covered and there will be a hands-on lab included. Three different types of cross-site scripting will be discussed: stored XSS, reflected XSS, and DOM based XSS.

Students will also complete an assessment at the conclusion of the course. The total clock hours for the course is 40 minutes. Students will earn 1 CEU/CPE and a Certificate of Completion when they finish the course.

The XSS training course is designed for:

There are no prerequisites for this course, however, it’s recommended that students have basic computer skills and Internet browsing knowledge.

If you would like to learn more about Cross-Site Scripting this XSS course is a good place to start. Enrolling in the course is easy, just click on the Register button in the top right corner of this screen to begin.

Ethical hackers

Penetration testers

If you would like to learn more about Cross-Site Scripting this XSS course is a good place to start. Enrolling in the course is easy, just click on the Register button in the top right corner of this screen to begin.

Module 1: Introduction

Module 2: Labs

Module 3: Conclusion