Case Studies of Award-Winning XSS Attacks: Part 1

Get a 4-digit Reward ($$$$) per Single XSS


Get started now!



Course Description

Cross-site scripting (XSS) is one of the most widespread and dangerous vulnerabilities in modern web applications. It turns out that you can get a 4-digit reward ($$$$) per single XSS in bug bounty programs, which is just amazing.

There are many people hunting for XSSs, but only a few of them are successful. What makes them successful? They focus on non-standard XSSs and this is exactly what I present in this course!

I’m one of the top hackers at HackerOne (among more than 100,000 registered hackers), and I really know how to make money out there. If you want to become a successful XSS hunter, then this course is just for you.

In Part 1 of Case-Studies of Award-Winning XSS Attacks, you will learn about the following non-standard XSS attacks:

1. XSS via Image
2. XSS via HTTP Response Splitting
3. XSS via Cookie
4. XSS via AngularJS Template Injection

For every single bug there is a DEMO so that you can see how to find these bugs step-by-step in practice.

Are you ready to become a successful XSS hunter? Let’s enroll to this course and start an exciting journey.

If you are interested in more award-winning XSS attacks, then I also recommend you to see Part 2 of Case-Studies of Award-Winning XSS Attacks (TO BE PUBLISHED SOON).

What's more – don’t forget to subscribe to my newsletter to receive FREE hacking resources.


Course Curriculum


  1. Introduction
Available in days
days after you enroll
  2. XSS via Image
Available in days
days after you enroll
  4. XSS via Cookie
Available in days
days after you enroll
  6. Summary
Available in days
days after you enroll
  Course Review
Available in days
days after you enroll

Your Satisfaction is My Primary Goal

If you're unhappy with this course, let me know. I'll get back to you and I'll do my best to help you.

Course Rating: ★★★★★

"Simply Great course. Very well explained."

- Abhishek Yadav, Student

Course Rating: ★★★★★

"Amazing bugs! I learned a lot. You’re a very good instructor."

- Adel Boutine, Independent Security Researcher

Course Rating: ★★★★★

"nice, keep it up. keep the content unique."

- Jan, Student

Get started now!



Your Instructor


Dawid Czagan
Dawid Czagan

I’m listed among Top 10 Hackers (HackerOne). I found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies, and due to the severity of many bugs, I received numerous awards for my findings.

I happily share my security bug hunting experience in hands-on trainings “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. I had the pleasure to deliver security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. My students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions).

I’m the founder and CEO at Silesia Security Lab – a company which delivers specialized security testing and training services. To find out about my latest work, subscribe to my newsletter and follow me on Twitter (@dawidczagan).