Got Your Nose - How to Steal Your Precious Data Without Using Scripts

Explore advanced web security threats in this 49-minute Hack in Paris conference talk. Delve into sophisticated attacks that bypass traditional cross-site scripting (XSS) protections and JavaScript-based security measures. Discover how attackers can exploit markup tricks to steal sensitive data, including plain-text passwords and CSRF tokens, without executing any JavaScript. Learn about self-spying emails and other malicious techniques that operate beyond the scope of conventional anti-XSS solutions. Gain insights into why disabling scripts and eliminating XSS may no longer provide adequate protection against these emerging threats.