Call to Arms - A Tale of the Weaknesses of Current Client-Side XSS Filtering

Black Hat via YouTube

Overview

Explore the critical vulnerabilities in client-side XSS filtering through this comprehensive Black Hat conference talk. Delve into an in-depth analysis of Chrome's XSS Auditor, uncovering 17 flaws that enable bypassing its filtering capabilities. Learn about a tool for automatically generating XSS attacks that exploit these vulnerabilities. Examine the results of a practical, empirical study testing the Auditor's protection capabilities against thousands of DOM-based zero-day XSS vulnerabilities in top websites. Discover how the XSS filter was successfully bypassed on the first attempt in over 80% of vulnerable web applications. Gain insights into potential future improvements for client-side XSS filtering based on the presenters' analysis and experiences in bypass generation. Enhance your understanding of web security and stay ahead of emerging threats in this 55-minute presentation by Martin Johns, Ben Stock, and Sebastian Lekies.

Syllabus

Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering

Taught by

Black Hat
