XSS stands for Cross-site Scripting. It is a type of computer security vulnerability that allows malicious code to be injected into websites and web applications. XSS attacks are used to steal user data, hijack user sessions, and perform other malicious activities. JavaScript can be used to create XSS attacks, as it is possible to inject malicious code into web pages by manipulating the DOM (Document Object Model) of a website.
Learn to defend by learning the hacker mindset
TestJS Summit 2021
105 min
Workshop
Vandana Verma
The Application Security Training is a 3-hour training. This training is intended for those who are interested in making a career in the information security domain. It involves real-world scenarios that every security professional must be well versed in. It involves decompiling, real-time analysis, and testing of applications from a security standpoint.

This training covers understanding the internals of web and mobile web applications, real-time testing of web applications and Android applications, and a strategic approach to analyzing applications for OWASP Top 10 (Web) security issues such as injections, Cross-Site Scripting (XSS), CSRF attacks, insecure APIs, insecure logging, insecure communication, insufficient cryptography, insecure authentication, poor code quality, and many more.
How to Exploit Real World Vulnerabilities
TestJS Summit 2021
47 min
Workshop, Free
Noa Moshe
This workshop will lead you through installing and exploiting a number of intentionally vulnerable applications. The applications will use real-world packages with known vulnerabilities, including:

- Directory traversal
- Regular expression denial of service (ReDoS)
- Cross site scripting (XSS)
- Remote code execution (RCE)
- Arbitrary file overwrite (Zip Slip)

These exploits exist in a number of applications, most of which you will need to install either locally or on a cloud instance.

You can do this workshop in 2 different flavours:

- Using the prepared Docker images, or
- Installing everything on your local machine.
Let Me Show You How React Applications Get Hacked in the Real-World
React Advanced Conference 2021
22 min
This talk covers React's default security against XSS vulnerabilities, finding and fixing XSS vulnerabilities in React, control characters and related security issues, an alternative solution for JSON parsing, and JSON input and third-party dependencies.
You thought your React application is secure? Think again
React Finland 2021
42 min
Modern frontend frameworks like React are well thought out in their application security design, and that’s great. However, there is still plenty of room for developers to make mistakes and use insecure APIs, vulnerable components, or generally do the wrong thing that turns user input into a Cross-site Scripting (XSS) vulnerability. Let me show you how React applications get hacked in the real world.