3005: Real-world XSS

Document created by tinacostilla on Sep 15, 2012Last modified by tliu on Jul 8, 2014
Version 3Show Document
  • View in full screen mode


Real-world XSS

Speaker: Daniel Miessler, HP

If you’re tired of alert-based cross-site scripting (XSS) demos that fail to convince you there is really a problem, then join us as we explore real-world XSS attacks. We will discuss and demonstrate cookie stealing, prompting for and extracting credentials, and gaining control over victim browsers in order to execute further commands—all using everyday XSS. You’ll come away with a better understanding of one of today’s most commonly exploited security vulnerabilties.