The concept of XSS has been around for a few decades now. To this day, it is one of the most frequently occurring security vulnerabilities found on websites. Have you ever wondered why?
For one, the umbrella term XSS does not actually describe the issue. An "On-Site HTML injection" is usually still referred to as "Cross-Site Scripting". Never mind the fact that there is no "Cross-Site" or "Scripting" element to the actual vulnerability.
XSS attacks come in different flavours: Reflected, Stored, DOM. It is often talked about as "Self-XSS", or in other words, attacking yourself. Developers tend to rely on the built-in defenses of browsers. This is why the consequences can be underestimated.
During this one-day tutorial we will learn how to test for XSS vulnerabilities step-by-step and case-by-case. We will also learn to assess the validity of the implementation (even if there is no apparent vulnerability). All this will be achieved by preparing and launching Proof-of-Concept attacks against a test environment.