
WPTavern: Learn How to Find and Exploit XSS Vulnerabilities with Google’s XSS Game

In 2016, Acunetix, a UK-based security firm, found that 33% of websites and web apps are vulnerable to XSS. This number is down 5% from the company’s findings for the previous year, but it’s still one of the most common vulnerabilities. In fact, every WordPress security release for the past year has included patches for cross-site scripting (XSS) vulnerabilities, including 4.5.2, 4.5.3, 4.6.1, 4.7.1, 4.7.2, and many other previous releases.

Google has created a fun and educational XSS game that teaches new bug hunters how to find and exploit XSS vulnerabilities. Each challenge teaches students how to inject a script that pops up an alert() within the training application. The first few levels are fairly easy, and the challenges get progressively more difficult.

It was designed for developers who work on web apps but do not specialize in security. Google’s goal with the game is to help developers get better at recognizing the vulnerabilities in their own code:

This security game consists of several levels resembling real-world applications which are vulnerable to XSS – your task will be to find the problem and attack the apps, similar to what an evil hacker might do.

XSS bugs are common because they have a nasty habit of popping up wherever a webapp deals with untrusted input. Our motivation is to highlight common coding patterns which lead to XSS to help you spot them in your code.
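The coding pattern the quote refers to, untrusted input concatenated straight into HTML, is shown below beside its hardened form. This is an added illustration written for this page, not code from the WPTavern post or from Google's XSS game; the search-page scenario, the function names and the sample input are all assumptions made for the example.

```javascript
// Added example (not from the WPTavern post or Google's XSS game).
// Assumed scenario: a search results page that echoes the user's query
// back into the HTML it sends to the browser.

// Vulnerable pattern: untrusted input is concatenated into markup, so the
// browser parses whatever the user typed as HTML, scripts included.
function renderSearchUnsafe(query) {
  return "<p>Results for: " + query + "</p>";
}

// Hardened pattern: encode the five characters that carry meaning in an
// HTML text or attribute context before the value reaches the document.
// The ampersand is handled first so already-encoded output is not double-escaped
// in the wrong order.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderSearchSafe(query) {
  return "<p>Results for: " + escapeHtml(query) + "</p>";
}

// Output-side check a reviewer or test suite can run: the finished markup
// must not contain any tag other than the one the template itself emits.
function containsUnexpectedTag(html, allowedTag) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9-]*)/g) || [];
  return tags.some((t) => t.replace(/^<\/?/, "").toLowerCase() !== allowedTag);
}

// Constructed sample input: the kind of probe the XSS game has you type,
// i.e. markup that pops an alert() instead of a search term.
const sampleInput = "<script>alert(1)</script>";

console.log("unsafe:", renderSearchUnsafe(sampleInput));
console.log("safe:  ", renderSearchSafe(sampleInput));
console.log("unsafe leaks a tag?", containsUnexpectedTag(renderSearchUnsafe(sampleInput), "p"));
console.log("safe leaks a tag?  ", containsUnexpectedTag(renderSearchSafe(sampleInput), "p"));
```

Note that escapeHtml is only correct for values placed in an HTML text node or a quoted attribute. Input that ends up inside a JavaScript string, a URL, or a CSS value needs encoding for that context instead, and most of the later levels of the game exist precisely because the same escaping applied in the wrong context is not enough.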

The intro to the game tempts new recruits to hone their skills with promises to pay mercenaries up to $7,500 for discovering XSS bugs in Google’s most sensitive products. It gives a nice introduction to common attack vectors for XSS vulnerabilities and congratulates winners with a cake and a link to more in-depth XSS documentation from Google’s collection of application security resources.

The XSS game has been around for a few years and provides a fun way to start your XSS learning if you have a few minutes over the weekend. With the constant stream of security updates for WordPress core, plugins, and themes, it’s good to get a basic understanding of what many of these patches are for. After a little bit of study and practice, you may be able to find XSS vulnerabilities in applications and help make the internet more secure.

Source: WordPress
