April 26th - 27th, 2014

On breaking Customized JavaScript-based XSS Protections

Cross-Site Scripting is at #3 in the OWASP ranking, but its footprint is everywhere. In this talk, I will discuss the results of a recently conducted survey in which I found XSS in 50% of Alexa's top 100 sites. I will point out common mistakes that developers are making in the wild, show how easy it is to find XSS in top sites and at the same time demonstrate how vulnerable your customized or home-made JavaScript-based XSS solutions are ...

This contribution is by Ashar Javed

