00:44 overview
01:22 Module reading
02:18 history
===================================
DIFFERENT CLASSES OF XSS
===================================
05:38 reflective XSS
06:09 stored XSS
06:36 Flash-based XSS
07:03 self-XSS
===================================
CLASSIC EXAMPLES OF XSS
===================================
07:37 MySpace worm, stored XSS
08:10 Tweetdeck worm, stored XSS
===================================
BEST EXAMPLES OF XSS
===================================
08:27 start slow [...], don't get discouraged, keep a list of common payload
===================================
DOM XSS
===================================
11:07 Advances of XSS
11:24 DOM XSS is one of the hardest variation of XSS to find because it requires a little bit more advanced knowledge
11:40 and within that function is a call to a variable that can be injected into via query string or post body parameter
11:46 DOM XSS is notoriously hard to find for many beginners and intermediate-level testers
11:53 sources and sinks
12:23 sources
12:59 what does it look like
13:46 example, XSS Polyglot 1
14:40 polyglot 2
14:55 polyglot 3
===================================
BLIND XSS
===================================
15:07 Blind XSS
===================================
tooling
===================================
16:09 XSS hunter
@edgob9910 4 years ago
Patrice Kenmoé damn you wrote all this 👍🏼
@assistedpropertysale4629 6 years ago
Thanks to Bugcrowd for giving you the opportunity to present this as well as thank you very much, Jason, as well as everyone that contributed to this presentation. Best Regards
@BearMeOut 2 years ago
Interesting point 8:57 start slowly 13:50 what's a polyglot 17:21 recommend mind map
@medi7573 6 years ago
We are REALLY enjoying and learning what the channel is providing, and please more of this amazing content.
@SuperMarkusparkus 6 years ago
There are two definitions of self-XSS. The other is that the user can impose XSS on his own user account. If combined with login CSRF it can have the same impact as a regular XSS.
@namenone8387 5 years ago
Thank you so much for this content, Please keep it coming. :D
@DrKeineL 6 years ago
I am so enjoying this! Thank you thank you so much. Btw I used to check for "hello" to see if it's reflecting or not but from now on "swagneto" is my thing lol hope it brings luck!!!
@deanramos9728 1 year ago
Thank you for this! This made my life easier
@jackgaming7643 4 years ago
Amazing explanation sir..
@Sebavalya 6 years ago
What about universal XSS?
@Ajay-kz6zw 1 year ago
Super explanation 👍
@Warlock1515 5 years ago
Best video I've seen!
@danz5760 6 years ago
Do u have to be good at reading JavaScript to find this bug?
@ELREY1979 5 years ago
Hi guys, is there a problem with your Video University Tutorials, future updates? Thanks for your beautiful explanation
@shubhamwaghmare6550 5 years ago
Thank you so much for tutorial this is really helpful 😄
@sanjay010i 6 years ago
@Bugcrowd Tutorials are excellent. Please make more videos on other topics.
@royaljaguar9933 3 years ago
No
@rpsulli 5 years ago
In the lab, why do you have to go slow when adding tags, etc ??? why not just start with ?
@SwainCountry 5 years ago
Ryan Sullivan - You start with a > to cut off the last value, e.g. an input tag. Some will change it internally to different symbols, you want to test what they block out.
@root_Mohit30 3 years ago
amazing content✌️✌️
@shrirangkahale 4 years ago
But most of all, Samy is our hero
@Tekionemission 2 years ago
(17:20)-XSS MindMap
@ashutoshraval3255 5 years ago
Thanks sir pls make more videos 🙏👌
@sail3sh703 5 years ago
today someone just reported the xss bug in google translate
@malikubi1337 6 years ago
Great thanks for sharing.
@derelictmanchester8745 4 years ago
Excellent!!!
@SuperMarkusparkus 6 years ago
I would never recommend to use KnoXSS. It's a substandard tool that promises too much.
@cyberwarrior9403 4 years ago
very good
@blazedank100 5 years ago
Swagneto!
@nainab9329 4 years ago
Voice is very low. I had to twice check my volume...