Can’t seem to shake off those XSS bug bounty reports? Interested in exploring a novel XSS attack chain? This session is for you.Tune in to explore a real-life example of a multi-step XSS attack chain that targeted and exploited multiple trust domains. You will get an insight into defense-in-depth and an exciting walkthrough of exploit research and investigation. Lastly, we will tie it all together by evaluating and diving into multiple web security defense-in-depth tactics that could thwart this novel chained attack.

Global AppSec San Francisco returns November 14-18. Designed for private and public sector infosec professionals, the two day OWASP conferences equip developers, defenders, and advocates to build a more secure web. We are offering educational 1-day, 2-day, and 3-day training courses on November 14-16 and the conference days immediately following on November 17-18. Join us for leading application security technologies, speakers, prospects, and community, in a unique event that will build on everything you already know to expect from an OWASP Global Conference.

Client-Side JavaScript from your nightmares: Multi-step XSS attacks and defenses

Conference: Global AppSec San Francisco 2022

Authors: Omar Minawi

Abstract

Post a comment

Related work