Description:
Explore a comprehensive conference talk from AppSecEU 2015 in Amsterdam, where Martin Johns, Sebastian Lekies, and Ben Stock delve into client-side protection against DOM-based XSS attacks. Learn about the Same Origin Policy, XSS vulnerability types, and the specifics of DOM-based XSS. Discover effective methods to stop cross-site scripting attacks, including automated expert generators and the XSS auditor. Examine real-world testing scenarios using Alexa top 10000 domains and understand the challenges of disabling and testing XSS auditors. Gain insights into preventing XSS auditor bypasses, performance considerations, and string matching issues. Watch a demo showcasing solutions, examples, and potential false negatives and positives. Conclude with performance results and key takeaways for implementing robust client-side protection against DOM-based XSS vulnerabilities.
Client-Side Protection Against DOM-Based XSS Done Right
Add to list
#Conference Talks
#Information Security (InfoSec)
#Ethical Hacking
#Cross-Site Scripting (XSS)
#Cybersecurity
#Web Security
#Same-Origin Policy