What is JavaScript? Who is a HTML and what are they doing in my browser? If you ask these sort of questions - this is the workshop for you. You may have heard of Cross-Site Scripting in passing, you may not have, but after this you will understand what it is, what you can do with it, and be well on your way to finding it in simpler web apps.

Cross-Site Scripting (XSS for short) is one of the fundamental vulnerabilities all junior AppSec professions need to have a solid grasp of. Understanding why XSS is an issue, how it is introduced into applications, and ultimately how to begin finding it is a vital step on anyones AppSec journey.

We will start with a basic overview of what a website is made up of (HTML/JS/CSS), then the difference between dynamic and static pages, and onto how user-supplied content ends up in pages. We then move onto exploring how we might provide malicious content, exploring what we used to demonstrate execution (alert(1)) . This workshop is supported by custom labs to reinforce the learning.

Whilst this is aimed at complete beginners, by the end of the two hours you should have a solid understanding of what XSS is, but more importantly why it ends up in applications. This depth of understanding will help any person within the AppSec field.

This is a workshop aimed at folks brand new to web security, or people wanting to get into AppSec in the future.