Performing Cross-Site Scripting (XSS) Attacks using OWASP Juice Shop

Beginner
Rating: 4.1
Deployments: 3,971
Duration: 60 m

Perform XSS attacks on OWASP Juice Shop to learn how to prevent XSS attacks in your applications in this hands-on lab.

Skills Validated

Cross-Site Scripting

Lab Overview & Objectives

Cross-Site Scripting (XSS) is one of the most widespread and critical web application vulnerabilities. It allows attackers to execute arbitrary JavaScript code in the context of a victim's browser, which can lead to unauthorized actions such as session hijacking, data theft, or further attacks. OWASP ranks XSS in 3rd position, under the Injection category.

The impact of an XSS attack can be devastating: because the injected script runs with the victim's session and origin, the consequences range from a simple popup to a full account takeover.

In this lab, you will work through three types of XSS attacks against the OWASP Juice Shop application to learn how XSS attacks work and how to prevent them in your own applications.

Objectives

Upon completion of this lab, you will be able to:

  • Understand the different types of XSS attacks
  • Perform a DOM-based XSS
  • Perform a Reflected XSS
  • Prevent DOM-based XSS attacks in your applications

Who is this lab for?

This lab is designed for:

  • Developers who want to understand how XSS attacks work and how to prevent them in their applications
  • IT Professionals learning about web application security
  • Security professionals who want to understand XSS attacks and how to prevent them

Real-Time Validation

Our platform uses an automated validation engine to verify your configurations as you work through the lab modules. No multiple choice—just real-world proficiency.

Modules: 4
Duration: 60 m

Lab Curriculum

01 Introduction to Cross-Site Scripting
02 Performing DOM-based XSS
03 Performing Reflected XSS
04 Securing Your Application from XSS Attacks