Cross Site Scripting (XSS) Recipes.

Follow step-by-step cybersecurity video lessons to secure your applications.

Hacking Websites With Cross-Site Scripting

Learn the basics of XSS attacks.

6:14 1 example 3 challenges

Upgrade to XSS:Full Access

XSS Attacks From HTML Attributes

Learn how to launch XSS attacks when injecting into HTML attributes.

4:56 2 examples 3 challenges

Upgrade to XSS:Full Access

XSS Attacks From URLs

Learn how to launch XSS attacks when adding a URL for website links.

5:06 1 example 2 challenges

Upgrade to XSS:Full Access

XSS Filter Evasion

Learn how to launch XSS attacks while evading filters and defenses.

7:01 2 examples 2 challenges

Upgrade to XSS:Full Access

How To Use Event Handlers For XSS Exploits

Learn how to create XSS exploits using event handlers.

9:42 2 examples 3 challenges

Upgrade to XSS:Full Access

XSS Attacks Inside JavaScript

Learn how XSS attacks work when injecting directly into JavaScript.

9:55 1 example 4 challenges

Upgrade to XSS:Full Access

Polyglots: The Ultimate XSS Payloads

Learn to execute XSS attacks in any context with just one payload.

7:18 1 example 1 challenge

Upgrade to XSS:Full Access

How To Create Real XSS Exploits To Attack Websites

Learn how to create real, malicious XSS exploits.

16:32 1 example 3 challenges

Upgrade to XSS:Full Access

How To Fix XSS Vulnerabilities In Code

Learn how to bulletproof your code against dangerous inputs with proper escaping.

12:22 3 challenges

Upgrade to XSS:Full Access

How To Allow Safe HTML Injection

Learn how to safely let users add their own HTML tags without introducing XSS vulnerabilities.

11:48 1 example 2 challenges

Upgrade to XSS:Full Access

How To Prevent XSS With Code Reviews

Learn how to stop XSS vulnerabilities before they're released.

4:27 3 challenges

Upgrade to XSS:Full Access

Automatic XSS Prevention

Learn how to automatically stop XSS attacks with Content Security Policy and Subresource Integrity.

18:57 2 examples 3 challenges

Upgrade to XSS:Full Access

Exploiting Web Pages That Have A CSP

Learn what threats still exist even after implementing a Content Security Policy.

6:43 1 example 2 challenges

Upgrade to XSS:Full Access

Just $50/user each year for XSS Full Access

Less than the price of one XSS bounty!

In-depth and hands-on XSS training The most accurate and complete XSS training course available Constant updates on the latest attacks and defenses

UPGRADE MY SKILLS UPGRADE MY TEAM