Cross Site Scripting Scanning


Abstract

Cross Site Scripting (XSS) is a common vulnerability on the web these days. The presentation starts off with an introduction to XSS with some examples.

What is the problem?
- Untrusted data gets inserted into web pages.

How is it exploited?

  • JavaScript Insertion
  • Phishing attacks
  • "Defacements"
  • Social Engineering

What do web developers need to know about XSS?

  • Filter untrusted data
  • Use Perl's taint mode
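
Both points combined in one small CGI-style script, as an added example that is not code from the talk: the allow-list pattern, the helper names and the sample query string are assumptions made for illustration. Taint mode does not check `print`, so it complements filtering and output encoding rather than replacing them.

```perl
#!/usr/bin/perl -T
# Run as: perl -T xss_demo.pl  (file name is hypothetical; -T must be on the command line too)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample request, used when no web server supplies QUERY_STRING.
my $query = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING}
          : 'user=alice&comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E';

# Split and percent-decode a query string into name/value pairs.
sub parse_query {
    my ($qs) = @_;
    my %p;
    for my $pair (split /[&;]/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr hex $1/ge; }
        $p{$k} = $v;
    }
    return %p;
}

# Filter: allow-list validation. Returning the regex capture is also how
# Perl untaints a value, so the pattern must be as strict as the field allows.
sub valid_user {
    my ($s) = @_;
    return undef unless defined $s;
    return $s =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Output encoding for free text placed in an HTML element body.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

my %param   = parse_query($query);
my $user    = valid_user($param{user});
my $comment = defined $param{comment} ? $param{comment} : '';

# Taint mode does not check print(), so tainted text still reaches the page
# unless it is encoded on output.
warn 'comment is ', (tainted($comment) ? 'tainted' : 'not tainted'), "\n";

print "Content-Type: text/html; charset=utf-8\r\n\r\n";
print '<p>User: ', (defined $user ? $user : 'invalid'), "</p>\n";
print '<p>Comment: ', escape_html($comment), "</p>\n";
```

With the built-in sample the comment is a literal and reports as not tainted; set `QUERY_STRING` in the environment to see the same value arrive tainted and still be rendered as inert text.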

Introduction of a new, free XSS tool first released at WHATTHEHACK

What is it?
- An XSS vulnerability scanner that helps to automate the process of looking for XSS vulnerabilities.

How do I use it?
- Come to the talk...

What do I do once a vulnerability is found?
- Fix your site!
- It wasn't your site? Exploit or report it! ;-)

Q&A session

Target audience:

  • Web developers
  • Penetration testers

All code shown during the talk is in Perl and JavaScript. Some knowledge of Perl and JavaScript is recommended.


Schedule

Day: 27 July 2005