Conference:  Global AppSec San Francisco 2022

Authors: Omar Minawi

2022-11-18

Can’t seem to shake off those XSS bug bounty reports? Interested in exploring a novel XSS attack chain? This session is for you.Tune in to explore a real-life example of a multi-step XSS attack chain that targeted and exploited multiple trust domains. You will get an insight into defense-in-depth and an exciting walkthrough of exploit research and investigation. Lastly, we will tie it all together by evaluating and diving into multiple web security defense-in-depth tactics that could thwart this novel chained attack.