There are three types of XSS attack: Reflective XSS, Non-Reflective XSS and DOM (Document Object Model) Based XSS. The most dangerous type of XSS attack is DOM Based.
CDI has organized a 7-day training program on XSS attacks, in which candidates will learn how to find XSS vulnerabilities in web applications. Discussion of primary and additional defense methods for XSS is the most important part of this training program.
1. Attendees will learn how they can find XSS vulnerabilities in web applications.
2. Candidates will learn about the harmful impact of Cross Site Scripting attacks on web applications.
3. The security of a web application is a must. Therefore, the most important thing attendees will learn is the primary and advanced XSS defense techniques.
4. Attendees will learn how server and client interact with each other. For example, when you type www.cyberintelligence.in in the URL bar, the browser (client) presents an index page to you. You don't know how the client manages to open that web page. Candidates will learn how to intercept the conversation between client and server.
1. How do you find Cross Site Scripting vulnerabilities in a web application, and how can these vulnerabilities damage a user's privacy?
2. How can hackers exploit these vulnerabilities to target innocent web application users? Which types of payloads can they use for it?
3. What can hackers do by performing a successful XSS attack, and which information can they steal?
4. Why is a DOM Based XSS attack dangerous, and how do you find DOM Based XSS vulnerabilities?
5. Which primary and advanced security methods can you use to keep XSS attacks away from a web application?
6. Which basic mistakes are responsible for successful XSS attacks?
2. Attendees should be familiar with the various types of HTTP request methods.
3. Candidates should be aware of the basic working architecture of both client-side and server-side processing.
4. All attendees should be familiar with the “Mozilla Firefox” browser and should know about network proxies.
5. The most important thing they should know is the basics of character encoding.
It will be a 7-day training program on Cross Site Scripting attacks and their defenses.
1. We will spend the first day of training on discussions of the basics of XSS attacks, JavaScript, HTML and the Document Object Model.
2. On the second day of training, we will discuss how an attacker can target a victim's web browser to steal sensitive information.
3. After discussing all the above topics, we will move on to the Reflective Cross Site Scripting attack on the third day of training.
4. On the fourth day of training, we will discuss the major Non-Reflective XSS attack.
5. On the fifth day of training, we will read about the DOM (Document Object Model) Based XSS attack.
6. We will do live practical sessions on Reflective, Non-Reflective and DOM Based XSS on the sixth day of training.
7. Last but not least, the seventh day will be the most important part of this training program. On day seven, we will discuss all the primary and additional security methods that can help us protect a web application from XSS attacks.