This course aims to teach learners about client-side protection against DOM-based Cross-Site Scripting (XSS) attacks. The course covers topics such as the Same Origin Policy, XSS vulnerabilities and types, DOMBase, and methods to prevent XSS attacks. The teaching method includes lectures on various aspects of client-side protection and demonstrations of solutions. This course is intended for individuals interested in web security, particularly those looking to enhance their knowledge and skills in protecting against XSS attacks.
Client-Side Protection Against DOM-Based XSS Done Right
Overview
Syllabus
Introduction
Overview
Slides
Same Origin Policy
XSS vulnerability
XSS Types
What is DOMBase
How to stop XS attacks
Clients XSS
Automated expert generator
Alexa top 10000 domains
Disabling the XSS auditor
Testing the XSS auditor
Crosssite scripting attack
Inline scripts
Attributes
External Content
Preventing the XSS Auditor
Performance
Avoiding invocation
String matching issues
Partial injections
Trailing content
Demo
Solution
Example
False Negatives
False Positives
Performance Results
Conclusion
Taught by
OWASP Foundation
Related Courses
-
Client-Side Protection Against DOM-Based XSS Done Right
-
Locking the Throne Room - ECMA Script 5, a Frozen DOM and the Eradication of XSS
-
Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers
-
Fixing XSS with Content Security Policy
-
The Web Is Vulnerable - XSS Defense on the BattleFront
-
Call to Arms - A Tale of the Weaknesses of Current Client-Side XSS Filtering
