Nytro Posted January 10, 2013 Report Posted January 10, 2013 Unraveling Some Of The Mysteries Around Dom-Based Xss Description: AbstractDOM-based XSS was first revealed to the world back in 2005 by Amit Klien, when it was an interesting theoretical vulnerability. In 2012, with the push towards Web 2.0 well into the mainstream, DOM-based XSS has become a very commonly uncovered and exploited vulnerability, but it’s poorly understood.This talk will focus on the full range of issues around DOM-based XSS. It will start with a discussion of the technical details of the vulnerability, the true nature of the risk it introduces (both likelihood and impact), and some new terminology and updated definitions about what truly is a DOM-based XSS vulnerability as compared to the standard Stored and Reflected XSS that the community is well aware of. It will then discuss the difficulties that security analysts face when trying to find DOM-based XSS flaws, and provide recommended analysis techniques that help move DOM-based XSS discovery from an art towards more of a science. And finally, it will discuss simple techniques for avoiding DOM-based XSS issues in the first place as well as how to mitigate issues that are uncovered during a security review.*****SpeakerDave Wichers, COO, Aspect SecurityDave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. He is also a long time contributor to OWASP including being a member of the OWASP Board since it was formed in 2003. | Dave has over 20 years of experience in the information security field, and has focused exclusively on application security since 1998. At Aspect, in addition to his COO duties, he is Aspect's application security courseware… Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Unraveling Some of the Mysteries around DOM-Based XSS - Dave Wichers on VimeoSursa: Unraveling Some Of The Mysteries Around Dom-Based Xss Quote
