Beginner

Performing Cross-Site Scripting (XSS) Attacks using OWASP Juice Shop

Perform XSS attacks on OWASP Juice Shop to learn how to prevent XSS attacks in your applications in this hands-on lab.

Modules: 4
Duration: 1 hour

Lab Modules

4 steps:

  • Introduction to Cross-Site Scripting
  • Performing DOM-based XSS
  • Performing Reflected XSS
  • Securing Your Application from XSS Attacks

Lab Overview

Cross-Site Scripting (XSS) is one of the most widespread and critical web application vulnerabilities. It allows attackers to execute arbitrary JavaScript code in the context of a victim's browser, which can lead to unauthorized actions like session hijacking, data theft, or further attacks. OWASP ranks XSS in 3rd position, under the Injection category.

The impact of an XSS attack can be devastating. The consequences range from a simple popup to a full account takeover.

In this lab, you will explore three types of XSS attacks on the OWASP Juice Shop application to learn how XSS attacks work and how to prevent them in your applications.

Objectives

Upon completion of this lab, you will be able to:

  • Understand the different types of XSS attacks
  • Perform a DOM-based XSS attack
  • Perform a Reflected XSS attack
  • Prevent DOM-based XSS attacks in your applications

Who is this lab for?

This lab is designed for:

  • Developers who want to understand how XSS attacks work and how to prevent them in their applications
  • IT Professionals learning about web application security
  • Security professionals who want to understand XSS attacks and how to prevent them