Black Hat USA 2013 - The Web IS Vulnerable: XSS Defense on the BattleFront

By: Greg Wroblewski & Ryan Barnett

Cross-site scripting issues remain a big problem of the web: using a combination of big data mining and relatively simple detection methods, we have identified attackers successfully exploiting XSS flaws on over 1,000 vulnerable pages on hundreds of websites, spanning multiple countries, types of organizations, all major TLDs, and well known international companies. We also found numerous malicious attacks of different severity leveraging existing XSS vulnerabilities.

In this talk first we summarize our findings, presenting both unusual cases and various statistics, and then we follow up with present state-of-the art methods of protection from probing for XSS vulnerabilities and XSS attacks, showing that they are capable of intercepting over 95% of the real-world malicious samples. We will also introduce a new research tool called detectXSSlib, which is a lightweight module for nginx server dedicated to real-time detection of XSS attacks.

Black Hat USA 2013 - The Web IS Vulnerable: XSS Defense on the BattleFront blackhat 2015
1 Likes	1 Dislikes
401 views views	117K followers
People & Blogs	Upload TimePublished on 2 Dec 2013

Related keywords

1. black mirror season 5
2. infosec news
3. information security manager
4. blackhat asia 2019
5. blackhat 2019
6. infosec twitter
7. blackhat 2018
8. briefings on apcs
9. black hat seo technique
10. blackhat europe
11. briefings on hospital safety
12. blackhat badger sekiro
13. blackmart
14. briefing creativo ejemplo
15. briefings from goldman sachs
16. black hat x reader
17. black hat cartoon
18. black hat x dr flug
19. cyber securityとは
20. briefings dcuo
21. briefing samsung
22. blackhat conference 2019
23. cyber security cloud
24. black rose
25. briefings on accreditation and quality
26. black hat full movie
27. briefings in bioinformatics abbreviation
28. black clover
29. briefing source
30. blackhat badger
31. blackhat forum
32. information security foundation 勉強
33. infosec rotkreuz
34. cyber security framework
35. information security policy template
36. infosecurity utrecht
37. infosec ups system
38. cyber security news
39. cyber security act
40. briefings synonym
41. infosecurity
42. blackhat full movie
43. briefing ejemplo
44. infosec blog
45. black hat badger
46. information security foundation 参考書
47. information security management system
48. briefing definicion
49. cyber security conference
50. briefings on hipaa
51. briefings in bioinformatics impact factor
52. black hat seo
53. cyber security pro
54. black hat movie
55. black background
56. blackhat imdb
57. blacklist
58. briefing que es
59. infosec podcast
60. black hat cast
61. briefing noticias
62. cyber security pro 新しいネットワークが検出されました
63. cyber security cloud managed rules
64. black panther
65. briefings app
66. cyber security measures
67. briefing pdf
68. information security governance
69. infosec global
70. black mamba
71. infosecurity europe 2020
72. briefings for brexit
73. infosec health
74. blackpink
75. blackberry z10
76. infosec magazine
77. information security 日本語
78. infosec 19
79. black hat anime
80. briefings in functional genomics
81. information security foundation
82. infosecurity magazine
83. briefing en aviacion
84. cyber security tokyo
85. black hat meaning
86. briefings on coding compliance strategies
87. black hatch
88. information security definition
89. briefings magazine
90. briefings in real estate finance
91. black hole
92. briefings media group
93. information security pdf
94. infosec europe 2019
95. cyber security market
96. briefing de marketing
97. briefing app
98. infosec institute
99. black mirror
100. infosec 2019 london
101. information security foundation 難易度
102. black hatch gamefowl
103. briefing book
104. cyber security management system
105. briefing publicitario
106. black wallpaper
107. information security certifications
108. blackhat film
109. cyber security pro アンインストール
110. briefing marco creativo
111. briefing on the joint commission
112. information security specialist
113. briefing y debriefing en salud
114. cyber security 意味
115. black magic
116. cyber security analyst
117. briefing de negocio
118. black widow
119. blackberry fruit
120. black shark 2
121. briefing de seguridad
122. briefing aplicacion
123. information security policy
124. black hat usa 2019
125. information security forum
126. briefing creativo
127. information security news
128. briefing traductor
129. http://briefing.com
130. infosec conferences
131. information security officer
132. infosekta
133. black man
134. cyber security japan
135. blackhat trailer
136. information security analyst
137. blackberry phone
138. cyber security university
139. black hat hacker
140. black hat forum
141. cyber security company
142. black hat hacking
143. black hat villainous
144. blackhat conference
145. briefings definition
146. blackberry
147. information security foundation based on iso/iec 27001
148. blackhat usa
149. cyber security report
150. blackhatworld
151. black hat x demencia
152. briefing marca personal
153. information security management
154. blackhat cast
155. black hat 2019
156. infosec reactions