Cross Site Scripting - Beyond Alert(1)

DC401

Details

After last month's dive into Burp Suite and web application testing, let's take a look at one of the most common web application vulnerabilities.

Cross-Site Scripting (XSS) continues to be one of the most common web application vulnerabilities. This presentation opens with a brief introduction to XSS and then covers: building XSS payloads that demonstrate the real risk to developers and managers far better than a simple alert() popup; mitigation using Content Security Policy (CSP); bypassing filtering and weak CSP; and an introduction to the Browser Exploitation Framework (BeEF), including a customized BeEF Docker image that helps you discover and exploit stored XSS in back-end systems.
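As an added illustration of the "mitigation using CSP" and "weak CSP" topics in the abstract (example code written for this page, not material from the talk, from DC401 or from BeEF), the following Python checker parses a Content-Security-Policy header value and flags settings that leave injected scripts runnable. The header strings and the nonce value are constructed samples; the directive names and source expressions are the standard CSP ones.

```python
"""Added example for this page (not from the DC401 talk or BeEF): a small
checker that flags Content-Security-Policy settings which leave reflected or
stored XSS exploitable. Header strings below are constructed samples."""


def parse_csp(header: str) -> dict:
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def script_sources(policy: dict) -> list:
    """script-src governs scripts; browsers fall back to default-src if it is absent."""
    return policy.get("script-src", policy.get("default-src", []))


def csp_weaknesses(header: str) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    policy = parse_csp(header)
    findings = []
    if "script-src" not in policy and "default-src" not in policy:
        return ["no script-src or default-src: scripts may load from any origin"]
    srcs = script_sources(policy)
    nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in srcs
    )
    # CSP Level 2+ browsers ignore 'unsafe-inline' once a nonce or hash is present,
    # so it is only a weakness when no nonce/hash accompanies it.
    if "'unsafe-inline'" in srcs and not nonce_or_hash:
        findings.append("'unsafe-inline' lets injected <script> blocks and event handlers run")
    if "'unsafe-eval'" in srcs:
        findings.append("'unsafe-eval' allows eval()/Function() on attacker-influenced strings")
    if any(s in ("*", "http:", "https:", "data:") for s in srcs):
        findings.append("wildcard or scheme-only source allows scripts from arbitrary origins")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("object-src unset: plugin content is not restricted")
    if "base-uri" not in policy:
        findings.append("base-uri unset: an injected <base> tag can redirect relative script URLs")
    return findings


# Constructed sample policies: a typical weak one and a nonce-based strict one.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https: https://cdn.example.com"
STRICT_CSP = (
    "default-src 'self'; script-src 'nonce-c0nstructedN0nce' 'strict-dynamic'; "
    "object-src 'none'; base-uri 'none'"
)

if __name__ == "__main__":
    for label, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, csp_weaknesses(csp) or ["no weaknesses flagged"])
```

The strict policy relies on a per-response nonce rather than host allow-lists, which is the pattern that survives the filter- and allow-list bypasses a weak CSP is exposed to; the checker deliberately stops flagging `'unsafe-inline'` when a nonce or hash is present, because modern browsers ignore it in that case.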

Steve Campbell is a retired Navy veteran, Security Consultant, and a researcher with over fourteen years of experience in information technology and security. Steve specializes in Web Application, Internal, External, and Wireless Network Penetration Testing. Steve has performed penetration testing engagements on various major enterprises such as Fortune 500, government institutions, banking, finance, healthcare and insurance, e-commerce, legal, and electric utilities. Steve got started in hacking by finding an Insecure Direct Object Reference (IDOR) vulnerability in a DoD website from a printed form.

Hosted and sponsored by the Tech Collective. https://tech-collective.org