DESCRIPTION

Do you know how hackers evade security controls in the web? Specifically for Cross-Site Scripting (XSS) vulnerabilities? If not, that talk is definitely for you! XSS is a core web vulnerability since it deals with the injection of the code that made the modern web possible: Javascript. The power of that code can be very devastating for any user or the entire application! Starting with some basics of modern XSS proofing to warm you up, we will dive (with real world examples) into the techniques used to evade validators, filters and WAFs (Web Application Firewalls) in usually simple but always elegant ways that really resembles an art: the art of bypass.

WHY THE COMMITTEE CHOSE THIS TALK

XSS is often underestimated. In times of complex JS frameworks next level XSS poses more of a threat than ever.

SPEAKER

Rodolfo Assis