Web Hacking Advanced - Client-Side
0.0
(0)
Tier 2 Medium Skill Path Web Hacking
This path focuses on advanced client-side web hacking techniques, such as bypassing security filters, complex injection attacks, and security policy bypasses. You'll work through real-world scenarios like XSS, CSP bypass, DOM-based attacks, and template injections, enhancing your client-side security skills.
Retail Price: 1800 coins (free when you subscribe)
Lectures: 17, Wargames: 11, Quizzes: 11

Why It's Worth Your Time

In web security, the client-side is one of the fastest-evolving attack vectors, with advanced techniques actively being used to bypass filters and security policies. This path covers various client-side attacks and defenses—including XSS, CSP, CSRF, and CORS—analyzing complex vulnerabilities directly through real-world code examples. It is a high-level path recommended for those who want to build practical client-side security skills. Completing this path will prepare learners for careers as white-hat hackers, bug bounty hunters, security consultants, and security researchers.

Topics Covered

  • Techniques for bypassing various XSS filters
  • CSP (Content Security Policy) bypass and defense strategies
  • Analysis and exploitation of CSRF token misuse and CORS vulnerabilities
  • Advanced injection attacks like Client-Side Template Injection and CSS Injection
  • Principles and practice of Relative Path Overwrite attacks
  • DOM-based attacks such as XS-Search and DOM XSS

Recommended For

  • Aspiring white-hat hackers, security consultants, and bug bounty hunters
  • Those focused on mastering advanced client-side attack techniques
  • CTF participants aiming to solve high-level client-side challenges

Prerequisite Knowledge

  • Strong understanding of web hacking fundamentals
  • Basic knowledge of JavaScript and HTML
  • Experience using web browser developer tools (DevTools)
Unit Composition
Total 8 units
  1. 1
    10.0
    (1)
    Free
    Explore XSS filtering and bypass techniques.
    XSS Filtering Bypass - I
    [WHA-C] Exploit Tech: XSS Filtering Bypass - I
    Lab: XSS Filter Bypass - String Detection
    Pro
    Lab: XSS Filter Bypass - String Substitution
    Pro
    Quiz: XSS Filtering Bypass - I
    XSS Filtering Bypass - II
    [WHA-C] Exploit Tech: XSS Filtering Bypass - II
    Lab: XSS Filter Bypass - Javascript Function and Keyword Filters
    Pro
    Quiz: XSS Filtering Bypass - II
    [Exercise] XSS Filtering Bypass
    [WHA-C] Exercise: XSS Filtering Bypass
    XSS Filtering Bypass
    [Self-practice] XSS Filtering Bypass Advanced
    XSS Filtering Bypass Advanced
  2. 2
    10.0
    (2)
    400
    Coin
    Free with subscription
    Explore Content Security Policy (CSP), its setup, and its potential vulnerabilities.
    Content Security Policy (CSP)
    [WHA-C] Background: Content Security Policy
    Quiz: Content-Security-Policy
    CSP Bypass
    [WHA-C] Exploit Tech: CSP Bypass
    Quiz: CSP bypass
    [Exercise] CSP Bypass
    [WHA-C] Exercise: CSP Bypass
    CSP Bypass
    [Self-practice] CSP Bypass Advanced
    CSP Bypass Advanced
  3. 3
    9.5
    (4)
    350
    Coin
    Free with subscription
    Explore CSRF tokens and CORS, mitigation techniques, and the potential vulnerabilities that arise from their incorrect usage.
    CSRF Token Misuse
    [WHA-C] Exploit Tech: CSRF Token Misuse
    Quiz: Misuse of CSRF Token
    CORS Vulnerability
    [WHA-C] Exploit Tech: CORS Vulnerability
    Lab: postMessage
    Pro
    Quiz: CORS Bypass
    [Exercise] CSRF Bypass
    [WHA-C] Exercise: CSRF Advanced
    CSRF Advanced
  4. 4
    9.4
    (5)
    200
    Coin
    Free with subscription
    Explore Client Side Template Injection (CSTI) vulnerabilities in frontend frameworks and XSS attacks via CSTI.
    Client-Side Template Injection (CSTI)
    [WHA-C] Exploit Tech: Client Side Template Injection
    Quiz: Client Side Template Injection
    [Exercise] Client Side Template Injection
    [WHA-C] Exercise: Client Side Template Injection
    Client Side Template Injection
  5. 5
    9.0
    (1)
    200
    Coin
    Free with subscription
    Explore CSS Injection techniques for UI manipulation and data exfiltration.
    CSS Injection
    [WHA-C] Exploit Tech: CSS Injection
    Lab: CSS Injection
    Pro
    Quiz: CSS Injection
    [Self-practice] CSS Injection
    CSS Injection
  6. 6
    0.0
    (0)
    250
    Coin
    Free with subscription
    Explore Relative Path Overwrite (RPO) vulnerabilities and their related attacks.
    Relative Path Overwrite
    [WHA-C] Exploit Tech: Relative Path Overwrite
    Quiz: Relative Path Overwrite
    [Exercise] Relative Path Overwrite
    [WHA-C] Exercise: Relative Path Overwrite
    Relative Path Overwrite
    [Self-practice] Relative Path Overwrite Advanced
    Relative Path Overwrite Advanced
  7. 7
    0.0
    (0)
    200
    Coin
    Free with subscription
    Explore DOM-related security vulnerabilities and attack methods.
    Document Object Model Vulnerability
    [WHA-C] Exploit Tech: Document Object Model Vulnerability
    Lab: DOM Clobbering
    Pro
    Quiz: Document Object Model Vulnerability
    [Self-practice] DOM XSS
    DOM XSS
  8. 8
    10.0
    (1)
    200
    Coin
    Free with subscription
    Explore XS-Search attacks to bypass Same-Origin Policy and extract secret information.
    XS-Search
    [WHA-C] Exploit Tech: XS-Search
    Quiz: XS-Search
    [Exercise] XS-Search
    [WHA-C] Exercise: XS-Search
    XS-Search