Vidéos
https://portswigger.net › web-security › cross-site-scripting
What is cross-site scripting (XSS)? - PortSwiggerLearn what cross-site scripting (XSS) is, how it works, and how to prevent it. Explore the different types of XSS attacks, their impact, and how to exploit them with labs and examples.
https://portswigger.net › web-security › cross-site-scripting › cheat-sheet
Cross-Site Scripting (XSS) Cheat Sheet - 2024 Edition - PortSwiggerLearn how to bypass WAFs and filters with cross-site scripting (XSS) vectors. This cheat sheet covers event handlers, tags, browsers, payloads and more for XSS exploitation.
https://portswigger.net › web-security › cross-site-scripting › dom-based
DOM-based XSS - PortSwiggerLearn what DOM-based cross-site scripting (DOM XSS) is, how to find and exploit it, and how to use Burp Suite's web vulnerability scanner and DOM Invader extension to test for it. See how different sources and sinks affect the exploitability of DOM XSS.
https://github.com › PortSwigger › xss-cheatsheet-data
PortSwigger/xss-cheatsheet-data - GitHubThis is the data that powers the PortSwigger XSS cheat sheet. We have put this data on Github so the community can contribute vectors via pull requests.
https://github.com › PortSwigger › xss-cheatsheet › blob › master › README.md
xss-cheatsheet/README.md at master · PortSwigger/xss-cheatsheet - GitHubAn extension to incorporate PortSwigger's Cross-site scripting cheat sheet in to Burp.
https://www.youtube.com › watch
Reflected XSS | XSS | Cross Site Scripting | PortSwigger"🛡️ Dive into the world of Web Security with this in-depth tutorial on Reflected XSS, also known as Cross Site Scripting (XSS)! Learn how attackers exploit ...
https://portswigger.net › web-security › cross-site-scripting › preventing
How to prevent XSS | Web Security Academy - PortSwiggerCross-site scripting prevention can generally be achieved via two layers of defense: Encode data on output. Validate input on arrival. You can use Burp Scanner to scan your web sites for numerous security vulnerabilities including XSS.
https://cheatsheetseries.owasp.org › cheatsheets › XSS_Filter_Evasion_Cheat_Sheet
XSS Filter Evasion Cheat Sheet - OWASPThis cheat sheet demonstrates that input filtering is an incomplete defense for XSS by supplying testers with a series of XSS attacks that can bypass certain XSS defensive filters. Basic XSS Test Without Filter Evasion ¶
https://dl.icdst.org › pdfs › files4 › a7753709b3afd9b9172c449c5c3c0bde.pdf
Cross-site scripting (XSS) cheat sheet - ICDSTThis cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector. This cheat sheet was brought to by PortSwigger Research. Follow us on twitter to recieve updates.
https://medium.com › @aslam.mahimkar › cross-site-scripting-portswigger-part-1-9cf4aaf1319f
Cross-site scripting- PortSwigger part 1 - MediumXSS allows attackers to inject malicious scripts into content from otherwise trusted websites. This can lead to a range of harmful consequences, such as stealing cookies, session tokens, or other...