Breaking XSS Mitigations Via Script Gadgets

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cross-Site Scripting (XSS) Courses, Web Security Courses, Content Security Policy Courses

Course Description

Overview

Explore a novel web hacking technique that lets attackers bypass most XSS mitigations by exploiting script gadgets. Script gadgets are legitimate pieces of JavaScript that process DOM elements in ways that can lead to script execution. The talk covers HTML sanitizers, Content Security Policies, and the expression process, and includes demonstrations. Security experts Sebastian Lekies, Krzysztof Kotowicz, and Eduardo Vela present their findings at Black Hat, explain the implications of this approach for web security, and discuss potential countermeasures against such attacks.

Syllabus

Introduction
What is XSS
What are Script Gadgets
The Problem
HTML Sanitizers
Script Gadgets
Summary
unsafe-eval
Content Security Policies
Expression Process
Demo
Sebastian
Summary Conclusion
Recap
Main Conclusion
Questions


Taught by

Black Hat
