Hi, and welcome to this new video!

In this video I continue my web exploitation series by discussing another important class of vulnerabilities called Cross-Site Scripting, often abbreviated as XSS. There are three types of XSS: Stored XSS, Reflected XSS and DOM XSS. In this video I will try to give some intuition for all three types.

Given that XSS is a type of client-side attack, we will also discuss the ideas behind client-side attacks, how they differ from server-side attacks, and why they can be dangerous for the security of a web application.

If you're interested in more videos of the series or if you have any feedback, please let me know!



00:00 Introduction
03:00 Client-side attacks
06:35 Stored XSS – Intuition
18:00 Stored XSS – Leaking session cookie
25:40 Reflected XSS – Intuition
30:20 Reflected XSS – Leaking session cookie
33:30 DOM XSS
41:25 Review so far
43:05 Conclusion



- Material: https://github.com/LeonardoE95/yt-en/tree/main/src/2024-04-16-web-exploitation-cross-site-scripting
- DVWA: https://github.com/digininja/DVWA
- DVWA repository: https://github.com/LeonardoE95/DVWA
- OSCP repository: https://github.com/LeonardoE95/OSCP
- BurpSuite Community Edition: https://portswigger.net/burp/communitydownload



- Blog: https://blog.leonardotamiano.xyz/
- Github: https://github.com/LeonardoE95?tab=repositories
- Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ