OWASP Göteborg: Mario Heiderich - XSS, May 16th 2013
Thursday, May 16, 2013 from 5:30 PM to 9:00 PM (CEST)
OWASP Göteborg is happy to announce that security expert Mario Heiderich will give one presentation about the history of XSS and another about mXSS. The event will be held in English.
It will be an evening when we can all learn about the new threat mXSS and what we can do to protect ourselves. We want to thank our sponsor Chalmers for the food, drinks and venue. Seats are limited, so please make sure to book your seat today!
The InnerHTML Apocalypse - How mXSS Attacks change everything we believed we knew so far
This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that are equipped with state-of-the-art XSS protection. This attack, labeled Mutation-XSS (mXSS), is capable of bypassing high-end filter systems by utilizing the browser and its unknown capabilities - every single f***** one of them. We analyzed the type and number of high-profile websites and applications that are affected by this kind of attack. Several live demos during the presentation will share these impressions and help in understanding what mXSS is, why mXSS is possible, and why it is of importance for defenders as well as professional attackers to understand and examine mXSS even further. The talk wraps up several years of research in this field, shows the abhorrent findings, discusses the consequences and delivers a step-by-step guide on how to protect against this kind of mayhem - with a strong focus on feasibility and scalability.
XSS from 1999 to 2013: The "Doctrine Classique" of Websecurity
XSS attacks were first documented about 15 years ago. Since then, the
attack technique has undergone an evolution that resembles the
classic dramatic theory - including catastasis, heroism, villainy and
XSS tragedy is on the verge of becoming a nightmare beyond human
control. The once harmless "alert" is now a black swan of code
execution, the phantom of the browser, Gretchen and Mephistopheles at
the same time.
This talk attempts to go back into the early past and unveil the
causes for XSS, point fingers at the true evil that made the Internet
what it is today, outline our mistakes and the general failure of the
fat-bellied websecurity community and try to leave the hope that not
all will be lost in the realms of the WWW.
17:30 Event starts with a light snack and drink. A word from our sponsor Chalmers
18:00 Community update
18:10 Mario Heiderich - The InnerHTML Apocalypse
19:00 Mario Heiderich - XSS from 1999 to 2013
19:45 Beer, snacks and some serious security live chat
approx. 21:00 Event ends
The local Gothenburg chapter of the Open Web Application Security Project (OWASP)
Becoming a member is easy and free - you just need to join the mailing list.