Building Advanced XSS Vectors

BruteLogic at BSides Boston 2016

On the modern web, with heavy use of client-side processing and defenses such as WAFs and XSS-aware browsers, XSS exploitation has become more clever and more dangerous than ever before.

In this talk we will see how to build modern and advanced XSS vectors and the scenarios that give rise to them. We will also see the use of webGun, a tool designed to help testers build complex payloads and test them on live targets.

Brute Logic is a world-class security researcher in finding Cross-Site Scripting vulnerabilities, having reached the #1 spot on openbugbounty.org (formerly xssposed.com). He currently works at Sucuri, testing their WAF. He publishes tips, tricks and tools on his protected Twitter account, @brutalsecrets.