Benedek Gagyi

Staff Software Engineer at Shopify

XXSS: Exotic Cross-Site Scripting Vectors

XSS is one of the most well known attacks on the web, perhaps second only to SQL Injection. While the general idea behind it is relatively simple, due to the colorfulness of the web and the quirks of the browsers, it has a surprising depth to it.

In this talk we’ll journey deep down the rabbit hole of XSS attacks and take a look at all the weird ways malicious inputs may hurt our users, from the non-JS based injections (CSS, HTML, image) through mXSS, up to blind XSS.

About Benedek

Developer, teacher, sports-fanatic. In his free time, he's researching the patterns and algorithms connecting basketball, tea, BJJ and drums. His devotion to impeccable and secure user experience is rivaled only by his constant search for the perfect brew of Chinese puerh.

View the Agenda