XXSS: Exotic Cross-Site Scripting vectors

Key takeaways
  • You will learn about the different attack mechanisms behind XSS and what makes each of them dangerous.
  • You will discover why avoiding script injection is not enough, as an attacker might hurt your users by injecting HTML, CSS or malicious images.
  • You'll get a glimpse into the weird ways browsers might open up themselves for attacks by trying to be helpful.
  • The talk will help you reevaluate what you consider user input through the example of blind XSS.

XSS is one of the most well known attacks on the web, perhaps second only to SQL injection. While the general idea behind it is relatively simple, due to the colorfulness of the web and the quirks of the browsers it has a surprising depth to it. In this talk we'll journey deep down the rabbit hole of XSS attacks and take a look at all the weird ways malicious inputs may hurt our users, from the non-JS based injections (CSS, HTML, image) through mXSS, up to blind XSS.

Benedek Gagyi

Sharpen your skills. Explore

Pick your topics of interest below
Large Spinner


Partners, Sticker Mule

Best companies

Best companies, Qlik
Best companies, VP Securities
Best companies, Telavox
Best companies, EDP
Best companies, Avensia
Best companies, Citerus
Best companies, Avega Group
Best companies, Handelsebanken
Best companies, Play'n'GO
Best companies, Capgemini
Best companies, Trustly
Best companies, Danskebank
Best companies, Lantmäteriet
Best companies, ÅF