In this course, you will learn how to identify and mitigate CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), or XSS. Coverage includes techniques for spotting Cross-site Scripting through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.
On successful completion of this course, learners should have the knowledge and skills to:
- Identify cross-site scripting vulnerabilities
- Recognize the potential impact of this vulnerability
- Apply coding best practices to avoid it
- Find cross-site scripting vulnerabilities in your application’s source code
- Test your application to detect it