Overview
This course teaches client-side protection against DOM-based Cross-Site Scripting (XSS) attacks. It covers the Same Origin Policy, XSS vulnerabilities and types, DOM-based XSS, and methods to prevent XSS attacks. The teaching method includes lectures on various aspects of client-side protection and demonstrations of solutions. The course is intended for individuals interested in web security, particularly those looking to enhance their knowledge and skills in protecting against XSS attacks.
Syllabus
Introduction
Overview
Slides
Same Origin Policy
XSS vulnerability
XSS Types
What is DOM-based XSS
How to stop XSS attacks
Clients XSS
Automated expert generator
Alexa top 10000 domains
Disabling the XSS auditor
Testing the XSS auditor
Cross-site scripting attack
Inline scripts
Attributes
External Content
Preventing the XSS Auditor
Performance
Avoiding invocation
String matching issues
Partial injections
Trailing content
Demo
Solution
Example
False Negatives
False Positives
Performance Results
Conclusion
Taught by
OWASP Foundation