Web Security Learning

4.2.12. Reference Links

4.2.12.1. wiki

  • AwesomeXSS

  • w3c

  • dom xss wiki

  • content-security-policy.com

  • markdown xss

  • xss cheat sheet

  • html5 security cheatsheet

  • http security headers

  • XSSChallengeWiki

4.2.12.2. Challenges

  • XSS Challenge By Google

  • prompt to win

4.2.12.3. CSS

  • rpo

  • A preliminary study of rpo attack

  • Reading Data via CSS

  • css based attack abusing unicode range

  • css injection

  • css timing attack

4.2.12.4. Same Origin Policy

  • Same origin policy

  • cors security guide

  • logically bypassing browser security boundaries

4.2.12.5. bypass

  • 666 lines of xss payload

  • xss auditor bypass

  • xss auditor bypass writeup

  • bypassing csp using polyglot jpegs

  • bypass xss filters using javascript global variables

4.2.12.6. Persistence

  • Variant XSS Persistence Control by tig3r

  • Using Appcache and ServiceWorker for Evil

4.2.12.7. Tricks

  • Service Worker Security Exploration

  • Front end black magic


© Copyright 2019-2022, WebSecurity.
