" rel="stylesheet">
This event has ended

OWASP Göteborg: Mario Heiderich - XSS, May 16th 2013

OWASP Göteborg

Thursday, May 16, 2013 from 5:30 PM to 9:00 PM (CEST)

Ticket Information

Type End Quantity
OWASP Member
Ticket is free if you are a member of OWASP mailing list
Ended Free  

Event Details

OWASP Göteborg is happy to announce that security expert Mario Heiderich will give a presentation about the history of XSS and another presentation about mXSS. The event will be held in English.

It will be an evening when we can all learn about the new threat mXSS and what we can do to protect ourselves. We want to thank our sponsor Chalmers for the food, drinks and venue. Seats are limited, so please make sure to book your seat today!

Become a member!

Everyone is welcome to attend and register for the event, but you need to be a member of OWASP Gothenburg. It's easy to become a member; all you need to do is add yourself to the OWASP mailing list.



Mario Heiderich is founder of the German/UK pen-test outfit Cure53 and a Microsoft security contractor. He focuses on HTML5, SVG security, script-less attacks and believes XSS can be eradicated by using JavaScript. Maybe. Some day. Actually quite soon. Mario invoked the HTML5 security cheat-sheet, the Alexa Top 1x search engine Crawly and several other projects. In the remaining time he delivers trainings and security consultancy for larger German and international companies for sweet sweet money and the simple minded fun in breaking things. Mario has spoken on a large variety of international conferences - both academic and industry-focused, co-authored two books, several academic papers and doesn't see a problem in his one year old son having a tablet already. There you have it.

The InnerHTML Apocalypse - How mXSS Attacks change everything we believed we knew so far
This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that employ state-of-the-art XSS protection. This attack, labeled Mutation-XSS (mXSS), is capable of bypassing high-end filter systems by utilizing the browser and its unknown capabilities - every single f***** one of them. We analyzed the type and number of high-profile websites and applications that are affected by this kind of attack. Several live demos during the presentation will share these impressions and help in understanding what mXSS is, why mXSS is possible, and why it is important for defenders as well as professional attackers to understand and examine mXSS even further. The talk wraps up several years of research in this field, shows the abhorrent findings, discusses the consequences and delivers a step-by-step guide on how to protect against this kind of mayhem - with a strong focus on feasibility and scalability.

XSS from 1999 to 2013: The "Doctrine Classique" of Websecurity
XSS attacks were first documented about 15 years ago. Since then, the
attack technique has undergone an evolution that resembles the
classic dramatic theory - including catastasis, heroism, villainy and
Now, HTML and JavaScript enter the world of operating systems and the
XSS tragedy is on the verge of becoming a nightmare beyond human
control. The once harmless "alert" is now a black swan of code
execution, the phantom of the browser, Gretchen and Mephistopheles at
the same time.
This talk attempts to go back into the early past and unveil the
causes for XSS, point fingers at the true evil that made the Internet
what it is today, outline our mistakes and the general failure of the
fat-bellied websecurity community and try to leave the hope that not
all will be lost in the realms of the WWW.


Agenda [ENGLISH]

17:30 Event starts with a light snack and drink. A word from our sponsor Chalmers

18:00 Community update

18:10 Mario Heiderich - The InnerHTML Apocalypse

18:45 Pause

19:00 Mario Heiderich - XSS from 1999 to 2013

19:45 Beer, snacks and some serious security live chat

approx. 21:00 Event ends


When & Where

Lindholmen Science Park - Pascal, Lindholmen conference center
5 Lindholmspiren


OWASP Göteborg

The local Gothenburg chapter of the Open Web Application Security Project (OWASP)

Becoming a member is easy and free - you only need to join the mailing list.
