XSS stands for Cross-site Scripting. It is a type of computer security vulnerability that allows malicious code to be injected into websites and web applications. XSS attacks are used to steal user data, hijack user sessions, and perform other malicious activities. JavaScript can be used to create XSS attacks, as it is possible to inject malicious code into web pages by manipulating the DOM (Document Object Model) of a website.
TestJS Summit 2021TestJS Summit 2021
105 min
Learn to defend by learning the hacker mindset
The Application Security Training is a 3 Hour training. This Training is intended for those who are interested in making a career in the Information Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the applications from a security standpoint.

This training covers understanding the internals of web and mobile web applications, Real-time testing of web applications and android applications and a strategic approach to analyze applications for OWASP Top 10 vulnerabilities (Web) security issues such as Injections, Cross Site Scripting (XSS), CSRF Attacks, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more.
TestJS Summit 2021TestJS Summit 2021
47 min
How to Exploit Real World Vulnerabilities
This workshop will lead you through installing and exploiting a number of intentionally vulnerable applications. The applications will use real-world packages with know vulnerabilities, including:

- Directory traversal
- Regular expression denial of service (ReDoS)
- Cross site scripting (XSS)
- Remote code execution (RCE)
- Arbitrary file overwrite (Zip Slip)
- These exploits exist in a number of applications, most of which you will need to install either locally or on a cloud instance.

You can do this workshop in 2 different flavours:

- Using the prepared Docker images OR
- Install everything on your local machine.