New Methods in Automated XSS Detection - Dynamic Testing Without Static Payloads

OWASP Foundation via YouTube

Overview

Explore new methods in automated XSS detection without relying on static payloads in this 41-minute conference talk from AppSecUSA 2015. Delve into dynamic techniques for identifying XSS vulnerabilities, including accurate Stored XSS detection and generation of custom XSS exploits. Compare current automated XSS detection methods with their limitations to innovative dynamic analysis approaches. Learn how to create dynamic custom XSS exploits based on the presented detection methods. Gain insights into various techniques such as payload slam, signature bass, string transformation, unique slugs, and the sandwich method. Examine real-life examples, browser considerations, and key takeaways for practical implementation. Cover input/output handling, GET/POST requests, DOM manipulation, and dynamic payload generation. Conclude with guidance on deploying these advanced XSS detection strategies in your security practices.

Syllabus

Introduction
Overview
State of Automated XSS Detection
Key Idea
History
Different Syntax
Techniques
Payload Slam
Signature Bass
Completeness
String Transformation
Unique Slugs
Sandwich Method
Detection Logic
Trace
Real Life Example
Browser Considerations
Key Takeaways
Practice
Input Output
GET/POST
DOM
Dynamic
Dynamic Payload
Dynamic Exploit
Bash Shell
Should Deploy

Taught by

OWASP Foundation
