Client-Side Protection Against DOM-Based XSS Done Right

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Web Development Courses, Cybersecurity Courses, Javascript Courses, Cross-Site Scripting (XSS) Courses

Course Description

Overview

Explore a comprehensive analysis of client-side protection against DOM-based Cross-Site Scripting (XSS) in this Black Hat conference talk. Delve into the limitations of current browser-based XSS filters, particularly Chrome's XSS Auditor, as the speakers reveal 17 flaws enabling filter bypasses. Learn about a tool for automatically generating XSS attacks that exploit these vulnerabilities. Examine the results of an empirical study testing these attacks against thousands of zero-day XSS vulnerabilities in top websites, demonstrating the inadequacy of existing client-side defenses. Discover an innovative alternative XSS filter design utilizing client-side taint tracking in the JavaScript engine, offering more robust protection against DOM-XSS attacks. Gain valuable insights into improving web application security and safeguarding end-users from this pervasive threat.

Syllabus

Client-Side Protection Against DOM-Based XSS Done Right (tm)


Taught by

Black Hat
