Completed
Solutions
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
XSS is Dead - We Just Don't Get It
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Welcome
- 3 Whos here
- 4 Agenda
- 5 Crosssite scripting
- 6 Crosssite scripting types
- 7 Looking at the past
- 8 Cert Advisory
- 9 Web Security
- 10 HTML Entities
- 11 HTTP Only Cookies
- 12 Advanced Attacks
- 13 Trust
- 14 Two tools
- 15 Trustworthy scripting
- 16 XSS worms
- 17 Sammyswarm
- 18 Wade Alcorn
- 19 We need new tools
- 20 HTML is complex and grows
- 21 There are so many XSS tools
- 22 Cases
- 23 Bypasses
- 24 Maybe XSS is dead
- 25 The tools we have
- 26 Academia is always busy
- 27 Other kinds of fix success
- 28 Mind sniffing crosssite scripting
- 29 Adobe Reader bug
- 30 Stronger tools
- 31 CSP
- 32 CDNs
- 33 CSPs
- 34 More tools
- 35 Content sanitization
- 36 Trust crumbling
- 37 We forgot the seatbelt
- 38 We are the color restriction
- 39 Its about money
- 40 We now have
- 41 Why dont we kill
- 42 Legacy system
- 43 We keep finding excuses
- 44 We cant fix XSS
- 45 I dont think its management
- 46 I would lose a lot of money
- 47 What do we actually want
- 48 Thats a good sign
- 49 Whats next
- 50 Do we need more
- 51 SEC metadata
- 52 Google Scholar
- 53 Motivation
- 54 Punishment
- 55 Responsibility
- 56 Stop the buck finish
- 57 Fix bounties
- 58 The glorification goes overboard
- 59 Doctor please
- 60 Solutions
- 61 Start being honest
- 62 Lets start panel
- 63 Crosssite scripting is dead
- 64 We are in a very good position
- 65 Questions