logo

Client-Side JavaScript from your nightmares: Multi-step XSS attacks and defenses

2022-11-18

Authors:   Omar Minawi


Abstract

Can’t seem to shake off those XSS bug bounty reports? Interested in exploring a novel XSS attack chain? This session is for you.Tune in to explore a real-life example of a multi-step XSS attack chain that targeted and exploited multiple trust domains. You will get an insight into defense-in-depth and an exciting walkthrough of exploit research and investigation. Lastly, we will tie it all together by evaluating and diving into multiple web security defense-in-depth tactics that could thwart this novel chained attack.

Materials:

Post a comment

Related work