XSS attack techniques explained by a penetration testing practitioner
This lecture covers the king of client-side attacks, XSS (Cross-Site Scripting). You can systematically learn the basic concepts of XSS, the attack principles, and, most importantly, which process to follow when carrying out the attack procedure.
Master XSS attacks in one lecture! Learn systematically with security practitioners.
XSS, the King of Client-Side Attacks!📖
What is XSS?
XSS is an abbreviation for Cross-Site Scripting, a vulnerability in which sites are crossed through malicious scripts inserted into web pages.
In other words, XSS is a vulnerability in which sites are crossed via client-side scripts. Ransomware infections, which have recently become a major issue, are also often distributed through XSS.
Furthermore, as web attacks shift from the server side to the client side, vulnerabilities are increasingly being discovered in web applications. Consequently, the importance of and interest in XSS attacks are on the rise.
What's special about this course! ✨ How is it different from other web hacking courses?
I can confidently say that there will never be another type of education like this!
Most web hacking training and books only cover the basic concepts of attacks. However, this lecture will allow you to learn more systematically about basic concepts, attack principles, and, most importantly, 'what process should be used to carry out the attack procedure'.
What you'll learn 📚
Section 1. Understanding XSS Attacks
Learn the basic concepts and principles of XSS attacks. We'll also examine what XSS attacks can do, how they're used in practice, and their limitations.
Section 2. Understanding JavaScript for XSS Attacks
To ensure a smooth XSS attack, we'll explore JavaScript, the programming language used in these attacks. Rather than delving into the specifics of JavaScript, we'll focus on the fundamental concepts behind XSS attacks.
Section 3. Detailed Analysis of Attack Techniques and Attack Principles
We will look at the concepts and principles of the XSS attack techniques DOM-Based XSS, Reflected XSS, and Stored XSS, and learn in detail about the differences that lead to this classification.
After studying this section, you'll be able to accurately distinguish and judge the XSS attack techniques described above. This will be particularly helpful for those who struggle to distinguish between DOM-Based XSS and Reflected XSS attacks.
Section 4. Attack Detail Methodology
Please check the lecture for more details!
This section is the core of this lecture, covering attack methodologies not found in existing books or training courses. To successfully launch an attack, you need to understand how to approach it and how to deploy it in specific situations and environments.
Plus, you'll learn some must-know tips when attacking.
Section 5. Various Bypass Techniques Based on Verification Logic
We'll explore various bypass methods for XSS attacks, organized by the validation logic in place. While XSS attacks typically have numerous bypass techniques, this section will focus on techniques commonly used in practice.
Section 6. Understanding the Principles of Session Hijacking Attacks and Practicing Attacks
Let's examine session hijacking, a type of attack that can be perpetrated via XSS. We'll cover the concept of session hijacking, its attack principles, and hands-on attack practice.
Section 7. Understanding the Principles of Keylogging Attacks and Practical Attack Practice
Let's examine keylogging, a type of attack that can be perpetrated via XSS. We'll explore the concept of keylogging, its principles, and hands-on attack practice.
Section 8. Precautions during practical diagnosis
In this section, we will look at several points to keep in mind when conducting practical diagnostics; these are also areas where many diagnosticians make mistakes when diagnosing vulnerabilities.
Section 9. Response Measures
To be considered a true information security expert, you must know not only attacks but also countermeasures.
The final section explores secure coding practices and the use of security libraries to defend against XSS attacks. We also explore methods for defending against session hijacking attacks.
Expected Questions Q&A 💬
Q. Is there anything I should know before taking the course?
Knowledge of web fundamentals is helpful. I recommend taking the following lectures first:
Q. I am a non-major or student with no information security knowledge. Can I still take this course?
As mentioned above, if you take the web fundamentals course, you'll be able to take the course without difficulty. Furthermore, some programming knowledge can be a significant help in your learning.
Q. What is the difference between the XSS attack content covered in the "Web Hacking, Security, and Secure Coding: Essential Knowledge for Web Developers and Information Security Beginners" course and this course?
While the lecture you mentioned also covers XSS-related topics, you'll learn at a level comparable to what's covered in existing training or books. This course will delve into the methodology and processes for diagnosing attacks.
I trust and listen to this lecture.
I really like it so much that I bought all the lectures!!
Thank you for teaching me valuable and valuable content!!
I trust and watch the lecture of the creative instructor~
I was able to learn a lot. Thank you~
When will I be able to meet the SQL injection part 3 lecture?
You provided a concrete explanation of the concept, basics, and advanced aspects of XSS. After taking the course, I can sufficiently refer to it and use it in the field, which is helpful for beginners.