Start Teaching
Messages
User Avatar

Case Studies of Award-Winning XSS Attacks: Part 1

Language: English
Case Studies of Award-Winning XSS Attacks: Part 1

This Course is for You

1 hour 10 minutes

of video/audio content

1 minute

of reading content

Learn How to Find Award-Winning XSSs in Modern Web Applications

Cross-site scripting (XSS) is one of the most widespread and dangerous vulnerabilities in modern web applications. There are hackers who earn a 4-digit reward ($$$$) per single XSS in bug bounty programs, which is just amazing.

There are many people hunting for XSSs, but only a few of them are successful. What makes them successful? They focus on non-standard XSSs and this is exactly what I present in this course!

I’m one of the top hackers at HackerOne (among more than 100,000 registered hackers), and I really know how to make money out there. If you want to become a successful XSS hunter, then this course is just for you.

In Part 1 of Case-Studies of Award-Winning XSS Attacks, you will learn about the following non-standard XSS attacks:
XSS via Image
XSS via HTTP Response Splitting
XSS via Cookie
XSS via AngularJS Template Injection

For every single bug there is a DEMO so that you can see how to find these bugs step-by-step in practice.

Are you ready to become a successful XSS hunter? Let’s enroll to this course and start an exciting journey.

If you are interested in more award-winning XSS attacks, then I also recommend you to see the follow-up course "Case-Studies of Award-Winning XSS Attacks: Part 2".

Who this course is for:
Penetration testers, ethical hackers, bug hunters, security engineers/consultants


Basic knowledge: Basic understanding of XSS attacks

What will you learn:

  • Learn How Hackers Earn a 4-digit Reward ($$$$) per Single XSS
  • Discover How to Find These XSSs Step-by-step in Practice (DEMOS)
  • Become a Successful Bug Hunter
  • Learn From One of The Top Hackers at HackerOne

Course Overview

  • 1. Introduction

  • 2. XSS via Image

  • 3. XSS via HTTP Response Splitting

  • 4. XSS via Cookie

  • 5. XSS via AngularJS Template Injection

  • 6. Summary