YoVDO

Revisiting XSS Sanitization

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Web Development Courses Cross-Site Scripting (XSS) Courses Web Application Security Courses

Course Description

Overview

Explore the vulnerabilities and security challenges of online WYSIWYG editors in this Black Hat conference talk. Discover how to break the top 25 online rich-text editors powering thousands of web applications, including popular ones like TinyMCE, Jive, Froala, and CKEditor. Learn about real-world XSS bypasses on major platforms such as Twitter, Yahoo Email, Amazon, GitHub, Magento, and CNET. After demonstrating these vulnerabilities, gain insights into a practical and effective sanitizer solution based on just 11 characters and 3 regular expressions. Understand how this sanitizer can protect against XSS attacks in various contexts, including HTML, attribute, script (including JSON), style, and URL.

Syllabus

Revisiting XSS Sanitization


Taught by

Black Hat

Related Courses

Software as a Service
University of California, Berkeley via Coursera Intro to Computer Science
University of Virginia via Udacity Web Development
Udacity Software Engineering for SaaS
University of California, Berkeley via Coursera CS50's Introduction to Computer Science
Harvard University via edX