Chapters:
1. Intro
2. Welcome
3. Who's here
4. Agenda
5. Cross-site scripting
6. Cross-site scripting types
7. Looking at the past
8. CERT Advisory
9. Web Security
10. HTML Entities
11. HTTP Only Cookies
12. Advanced Attacks
13. Trust
14. Two tools
15. Trustworthy scripting
16. XSS worms
17. Samy's worm
18. Wade Alcorn
19. We need new tools
20. HTML is complex and grows
21. There are so many XSS tools
22. Cases
23. Bypasses
24. Maybe XSS is dead
25. The tools we have
26. Academia is always busy
27. Other kinds of fix success
28. Mind sniffing cross-site scripting
29. Adobe Reader bug
30. Stronger tools
31. CSP
32. CDNs
33. CSPs
34. More tools
35. Content sanitization
36. Trust crumbling
37. We forgot the seatbelt
38. We are the color restriction
39. It's about money
40. We now have
41. Why don't we kill
42. Legacy system
43. We keep finding excuses
44. We can't fix XSS
45. I don't think it's management
46. I would lose a lot of money
47. What do we actually want
48. That's a good sign
49. What's next
50. Do we need more
51. SEC metadata
52. Google Scholar
53. Motivation
54. Punishment
55. Responsibility
56. Stop the buck finish
57. Fix bounties
58. The glorification goes overboard
59. Doctor please
60. Solutions
61. Start being honest
62. Let's start panel
63. Cross-site scripting is dead
64. We are in a very good position
65. Questions
Description:
Explore the history, evolution, and current state of Cross-Site Scripting (XSS) vulnerabilities in this provocative keynote address from OWASP AppSec EU 2018. Delve into the origins of XSS dating back to 1998, examining past attempts to mitigate the issue and their subsequent failures. Analyze how web infrastructure and monetization have contributed to the persistence of XSS, drawing parallels to other human failures. Gain insights into potential future developments and industry-wide challenges in addressing this long-standing security concern. Evaluate the effectiveness of various tools, techniques, and approaches used to combat XSS, including Content Security Policy (CSP), sanitization, and bug bounty programs. Reflect on the broader implications for web security and the responsibilities of developers, organizations, and the security community in tackling persistent vulnerabilities.

XSS is Dead - We Just Don't Get It

OWASP Foundation