The Web Is Vulnerable - XSS Defense on the BattleFront
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a comprehensive analysis of cross-site scripting (XSS) vulnerabilities and defense strategies in this Black Hat USA 2013 conference talk. Delve into the findings of a large-scale data mining study that uncovered successful XSS exploits on over 1,000 vulnerable pages across hundreds of websites worldwide. Examine various attack scenarios, including defacement, cookie stealing, and data theft, while gaining insights into attack intensity and patterns. Learn about cutting-edge protection methods capable of intercepting more than 95% of real-world malicious samples. Discover the newly introduced detectXSSlib, a lightweight nginx module for real-time XSS attack detection. Gain valuable knowledge on fixing XSS vulnerabilities, leveraging browser capabilities, implementing conditional JavaScript, automating virtual patching, and utilizing browser filters. Understand attack methodologies and client-side analysis techniques to enhance your web security posture.
Syllabus
Intro
The Problem
Detect Access asleep
What did I find
Defacement
Cookie stealing
Data steal
Attack intensity
Fixing XSS
Find Your Vaults
Leveraging the Browser
Conditionally pushing down JavaScript
Automating virtual patching
Browser filters
Attack methodology
Client-side analysis
Taught by
Black Hat
Related Courses
Internet History, Technology, and Security - University of Michigan via Coursera
Client-Server Communication - Google via Udacity
HTTP & Web Servers - Udacity
Network Security - Georgia Institute of Technology via Udacity
Web Security Fundamentals - KU Leuven University via edX