XSS is Dead - We Just Don't Get It

OWASP Foundation via YouTube

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. Welcome
  3. Who's here
  4. Agenda
  5. Cross-site scripting
  6. Cross-site scripting types
  7. Looking at the past
  8. Cert Advisory
  9. Web Security
  10. HTML Entities
  11. HTTP Only Cookies
  12. Advanced Attacks
  13. Trust
  14. Two tools
  15. Trustworthy scripting
  16. XSS worms
  17. Sammyswarm
  18. Wade Alcorn
  19. We need new tools
  20. HTML is complex and grows
  21. There are so many XSS tools
  22. Cases
  23. Bypasses
  24. Maybe XSS is dead
  25. The tools we have
  26. Academia is always busy
  27. Other kinds of fix success
  28. Mind sniffing cross-site scripting
  29. Adobe Reader bug
  30. Stronger tools
  31. CSP
  32. CDNs
  33. CSPs
  34. More tools
  35. Content sanitization
  36. Trust crumbling
  37. We forgot the seatbelt
  38. We are the color restriction
  39. It's about money
  40. We now have
  41. Why don't we kill
  42. Legacy system
  43. We keep finding excuses
  44. We can't fix XSS
  45. I don't think it's management
  46. I would lose a lot of money
  47. What do we actually want
  48. That's a good sign
  49. What's next
  50. Do we need more
  51. SEC metadata
  52. Google Scholar
  53. Motivation
  54. Punishment
  55. Responsibility
  56. Stop the buck finish
  57. Fix bounties
  58. The glorification goes overboard
  59. Doctor please
  60. Solutions
  61. Start being honest
  62. Let's start panel
  63. Cross-site scripting is dead
  64. We are in a very good position
  65. Questions
