XSS and JavaScript Remote Code Executions

This course explores cross-site scripting (XSS) in JavaScript.

7 videos  //  94 minutes of training

Course description

XSS attacks are arguably the main threat against JavaScript web applications. In this course, we will cover them in detail and leave no stone unturned as we check everything about reflected, stored, DOM-based XSS. We will extensively cover CSP and trusted types.

Course syllabus

XSS OverviewDuration: 11:57

What is cross-site scripting and what is its impact?

Reflected XSSDuration: 15:53

Reflected XSS happens when the XSS payload is sent to a server and sent back to the client.

Stored XSSDuration: 7:04

Stored XSS happens when the server keeps the XSS payload in database or on the file system.

DOM-Based XSSDuration: 13:15

DOM-based XSS happens without any server interactions.

Code Execution: Eval and Other Vulnerable SinksDuration: 14:36

There are multiple ways (beyond XSS) to dynamically inject code in a running JavaScript applications.

Content Security Policy and XSSDuration: 15:05

Content security policies are a complex yet powerful tool to prevent browsers from loading data insecurely.

Trusted TypesDuration: 16:03

Trusted types is the latest iteration in the fight against XSS.

Meet the author

Vladimir de Turckheim

LinkedIn

Vladimir works as a software engineer at Sqreen where he builds a tool to secure web applications. Previously, he was a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security of Node.js and its ecosystem.

Vladimir is an official Node.js collaborator and his contributions mostly focus in the domain of security and monitoring. He also often gives talks and training to software engineers to teach them about application security.

Plans & pricing

Personal
Teams

Infosec Skills subscription

Monthly
Annually
  • 140+ role-based learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support
  • Create custom learning paths from 100s of courses

Live boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Live, instructor-led training (in-person or live online)
  • 90 day extended access to recordings of daily lessons
  • Certification exam voucher
  • Learn by doing with hundreds of additional hands-on courses and labs

Infosec Skills Teams subscription

Annual

$599 per learner / year

Request Team Quote Free Team Trial
  • Team administration and reporting
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 140+ role-based learning paths (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Skill assessments
  • Create and assign custom learning paths
  • Dedicated client success manager

Live team boot camp

Request a quote for pricing

 

Request Team Quote Browse Boot Camps
  • Team boot camp administration and reporting
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Knowledge Transfer Guarantee
    If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
  • Certification exam vouchers
  • Live, instructor-led training (onsite, in-person or live online)
  • 90 days extended access to recordings of daily lessons
  • Build your team's skills with hundreds of additional hands-on courses and labs

Award-winning training that you can trust

Technical Skills Development, Online Course Providers & eLearning Content

Technical Skills Development, Online Course Providers & eLearning Content

Infosec Skills

eLearning Content

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Ranked #52 in Top 100 Global Software Sellers

Infosec

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Workforce Framework for Cybersecurity.

LX Labs