Here is the talk I gave at the Columbus OWASP chapter’s last quarterly meeting.
Abstract:
Cross-site scripting vulnerabilities are often given a low priority or simply ignored altogether. Meanwhile, JavaScript malware has gotten progressively more sophisticated and malicious. JavaScript traveling over HTTP gets inside of your perimeter with ease, and everything inside is web enabled. XSS vulnerabilities are the enabler that allows this malware to be injected into any web application, making it so there is no such thing as a trusted website. XSS can lead to website defacement, session hijacking, user impersonation, worms, phishing scams, browser trojans, intranet attacks, and more!
This talk will educate the listener about the woes of XSS. At the intersection of web application security and pop psychology, it will arm you with the tools to raise awareness among your application developers and socially engineer them into fixing those pesky web app bugs.
Pictures taken by Bill Sempf.


