The Web Is Vulnerable - XSS Defense on the BattleFront

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cross-Site Scripting (XSS) Courses, Web Security Courses, Vulnerability Management Courses

Course Description

Overview

Explore a comprehensive analysis of cross-site scripting (XSS) vulnerabilities and defense strategies in this Black Hat USA 2013 conference talk. Delve into the findings of a large-scale data mining study that uncovered successful XSS exploits on over 1,000 vulnerable pages across hundreds of websites worldwide. Examine various attack scenarios, including defacement, cookie stealing, and data theft, while gaining insights into attack intensity and patterns. Learn about cutting-edge protection methods capable of intercepting more than 95% of real-world malicious samples. Discover the newly introduced detectXSSlib, a lightweight nginx module for real-time XSS attack detection. Gain valuable knowledge on fixing XSS vulnerabilities, leveraging browser capabilities, implementing conditional JavaScript, automating virtual patching, and utilizing browser filters. Understand attack methodologies and client-side analysis techniques to enhance your web security posture.

Syllabus

Intro
The Problem
Detect Access asleep
What did I find
Defacement
Cookie stealing
Data steal
Attack intensity
Fixing XSS
Find Your Vaults
Leveraging the Browser
Conditionally pushing down JavaScript
Automating virtual patching
Browser filters
Attack methodology
Client-side analysis


Taught by

Black Hat
