New Methods in Automated XSS Detection - Dynamic Testing Without Static Payloads

Explore new methods in automated XSS detection without relying on static payloads in this 41-minute conference talk from AppSecUSA 2015. Delve into dynamic techniques for identifying XSS vulnerabilities, including accurate Stored XSS detection and generation of custom XSS exploits. Compare current automated XSS detection methods with their limitations to innovative dynamic analysis approaches. Learn how to create dynamic custom XSS exploits based on the presented detection methods. Gain insights into various techniques such as payload slam, signature bass, string transformation, unique slugs, and the sandwich method. Examine real-life examples, browser considerations, and key takeaways for practical implementation. Cover input/output handling, GET/POST requests, DOM manipulation, and dynamic payload generation. Conclude with guidance on deploying these advanced XSS detection strategies in your security practices.