Client-Side Protection Against DOM-Based XSS Done Right

Black Hat via YouTube

Overview

Explore a comprehensive analysis of client-side protection against DOM-based Cross-Site Scripting (XSS) in this Black Hat conference talk. Delve into the limitations of current browser-based XSS filters, particularly Chrome's XSS Auditor, as the speakers reveal 17 flaws enabling filter bypasses. Learn about a tool for automatically generating XSS attacks that exploit these vulnerabilities. Examine the results of an empirical study testing these attacks against thousands of zero-day XSS vulnerabilities in top websites, demonstrating the inadequacy of existing client-side defenses. Discover an innovative alternative XSS filter design utilizing client-side taint tracking in the JavaScript engine, offering more robust protection against DOM-XSS attacks. Gain valuable insights into improving web application security and safeguarding end-users from this pervasive threat.

Syllabus

Client-Side Protection Against DOM-Based XSS Done Right (tm)

Taught by

Black Hat
