RVAsec Deep Dive: React DOM XSS Hands-on Lab
Details
** You must be registered to attend this event. **
Summary:
XSS in modern React apps isn't gone, it's just hiding in new places. In this workshop, we'll expose how React createElement can be your way in. We'll walk through several React DOM XSS lab scenarios based on real bug bounty findings from vulnerable applications in the wild. You'll see how untrusted input can make its way from a variety of realistic sources to a React createElement sink, leading to exploitable XSS, even in apps built with frameworks like Next.js. These labs are realistic, grounded in actual bugs, and designed to sharpen your ability to spot and exploit DOM XSS in the kinds of apps bounty hunters hit every day.
Location:
- MPM Tiki Bar
- 2451 Old Brick Rd, Glen Allen, VA 23060
- We are in the back private room.
Agenda:
- 5pm to 6pm - Arrival and social
- 6pm to 6:45pm - Presentation/Lab Part 1
- 6:45pm to 7pm - Break
- 7pm to 7:45pm - Presentation/Lab Part 2
- 7:45pm - Questions and social
Requirements:
- Need to bring a laptop with Chrome installed
- Ensure your laptop is fully charged ahead of time
Capacity:
- We think we have 30 seats. If you sign up, please show up. If something comes up, no problem, but please cancel or update ASAP so someone else can take the spot.