Cross Site Scripting (XSS) Attack/Defence

Duration: 7 Days
Course Fee: INR 3800.00/ USD 50.00

A Cross Site Scripting (XSS) vulnerability may allow hackers to inject malicious scripts into the web pages of a web application. When users of that web application click on an injected malicious link, hackers could steal the browser history, cookies and other sensitive information of the victim that is stored in the web browser. XSS vulnerabilities most likely exist in dynamic web pages which accept user input. Search buttons, HTML forms, comment boxes and buttons are some examples of places where hackers can inject malicious JavaScript and HTML. Never forget one thing: if a hacker can steal cookies and sensitive information, then he/she can also use them for black hat activities.

There are three types of XSS attack: Reflective XSS, Non-Reflective XSS and DOM (Document Object Model) Based XSS. The most dangerous type of XSS attack is DOM Based.

CDI has organized a 7-day training program on XSS attacks, in which candidates will learn how to find XSS vulnerabilities in web applications. Discussion of the primary and additional defense methods against XSS is the most important part of this training program.

No Batch Available In This Course Yet.

1. Attendees will learn how they can find XSS vulnerabilities in a web application.

2. Candidates will learn about the harmful impact of a Cross Site Scripting attack on a web application.

3. The security of a web application is a must. Therefore, the most important thing attendees will learn is the primary and advanced XSS defense techniques.

4. Attendees will learn how the server and the client interact with each other. For example: when you type an address in the URL bar, the browser (client) presents an index page in front of you. You don't know how the client manages to open that web page. Candidates will learn how to intercept the conversation between client and server.

5. Candidates will learn which types of JavaScript payloads and HTML payloads they can use to find XSS vulnerabilities. They will also learn about the alternative methods to use if both JavaScript and HTML payloads are not working.

1. How do you find Cross Site Scripting vulnerabilities in a web application, and how can these vulnerabilities damage a user's privacy?

2. How can hackers exploit these vulnerabilities to target innocent web application users? Which types of payloads can they use for it?

3. What can hackers do by performing a successful XSS attack, and which information can they steal?

4. Why is a DOM Based XSS attack dangerous, and how do you find DOM Based XSS vulnerabilities?

5. Which primary and advanced security methods can you use to keep XSS attacks away from a web application?

6. Which basic mistakes are responsible for successful XSS attacks?

1. The basics of JavaScript and HTML should be clear to candidates. If candidates are familiar with these basics, they can easily understand how to use different types of payloads.

2. Attendees should be familiar with the various types of HTTP request methods.

3. Candidates should be aware of the basic working architecture of both client-side and server-side processing.

4. All attendees should be familiar with the "Mozilla Firefox" browser and should know about network proxies.

5. The most important thing they should know is the basics of character encoding.

It will be a 7-day training program on the Cross Site Scripting attack and its defenses.

1. We will spend the first day of training on discussions of the basics of XSS attacks, JavaScript, HTML and the Document Object Model.

2. On the second day of training, we will discuss how an attacker can target a victim's web browser to steal sensitive information.

3. After discussing all the above topics, we will move on to the Reflective Cross Site Scripting attack on the third day of training.

4. We will discuss the major Non-Reflective XSS attack on the fourth day of training.

5. On the fifth day of training, we will study the DOM (Document Object Model) Based XSS attack.

6. We will do live practicals on Reflective, Non-Reflective and DOM Based XSS on the sixth day of training.

7. Last but not least, the seventh day will be the most important part of this training program. On day seven, we will discuss all the primary and additional security methods which can help us protect a web application from XSS attacks.

© 2016 Copyrights. All Rights Reserved
