/
web app pentesting
/
cross site scripting xss
Menu
Cross-Site Scripting (XSS)
Main Ideas
Overview
XSS proof of concept
How to find and test for XSS vulnerabilities
Reflected XSS
Stored XSS
XSS Contexts
XSS Contexts: Between HTML tags
XSS Contexts: In HTML tag attributes
XSS Contexts: Terminating the existing script
XSS Contexts: Breaking out of a JavaScript string
XSS Contexts: Making use of HTML-encoding
XSS Contexts: XSS in JavaScript template literals
Exploiting cross-site scripting vulnerabilities
Dangling markup injection
Content security policy (CSP)
Main Ideas
DOM-Based Vulnerabilities
DOM-Based XSS
Exploiting DOM XSS with different sources and sinks
Sources and sinks in third-party dependencies
DOM XSS combined with reflected and stored data
DOM XSS combined with reflected and stored data
Complete DOM XSS Breakout Guide
