XSS Street-Fight: The Only Rule Is There Are No Rules
- Type
- Slides
- Tags
- XSS
- Authors
- Ryan C. Barnett
- Event
- Black Hat DC 2011
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdf
- File name
- BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdf
- File size
- 15.5 MB
- MD5
- f3ce52d9b414d6a91c41a4d7673dd390
- SHA1
- fed217770c2f844aa89c859dea578ba3b648267b
Defending web applications from Cross-Site Scripting (XSS) attacks is extremely challenging, especially when the application's code can not be updated to fix the issue. This presentation will provide a walk-through of various XSS attack/defense/evasion lessons learned by Trustwave's SpiderLabs Research Team while working with commercial WAF customers, as well as, by receiving thousands of attacks against our public ModSecurity demonstration page. We will highlight cutting-edge XSS protection methods that are external to the web application's code such as Defensive Javascript Content Injection.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
