Learn How to Find and Exploit XSS Vulnerabilities with Google’s XSS Game


In 2016, Acunetix, a UK-based security firm, found that 33% of websites and web apps are vulnerable to XSS. This number is down 5% from the company’s findings for the previous year, but it’s still one of the most common vulnerabilities. In fact, every WordPress security release for the past year has included patches for cross-site scripting (XSS) vulnerabilities, including 4.5.2, 4.5.3, 4.6.1, 4.7.1, 4.7.2, and many other previous releases. Google has created a fun and educational XSS game that teaches new bug hunters how to find and exploit XSS vulnerabilities. Each challenge teaches students how to inject a script to pop up an alert() within the training application. The first few levels are fairly easy and it gets progressively more difficult.
It was designed for developers who work on web apps but do not specialize in security. Google’s goal with the game is to help developers get better at recognizing the vulnerabilities in their own code:
This security game consists of several levels resembling real-world applications which are vulnerable to XSS – your task will be to find the problem and attack the apps, similar to what an evil hacker might do.
XSS bugs
Source: https://managewp.org/articles/14464/learn-how-to-find-and-exploit-xss-vulnerabilities-with-google-s-xss-game


Source: https://williechiu40.wordpress.com/2017/02/27/learn-how-to-find-and-exploit-xss-vulnerabilities-with-googles-xss-game/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s