Benedek Gagyi photo

Benedek Gagyi

Software Engineer at Cloudera
BenedekGagyi

XXSS: Exotic Cross-Site Scripting Vectors

XSS is one of the most well known attacks on the web, perhaps second only to SQL Injection. While the general idea behind it is relatively simple, due to the colorfulness of the web and the quirks of the browsers, it has a surprising depth to it.

In this talk we’ll journey deep down the rabbit hole of XSS attacks and take a look at all the weird ways malicious inputs may hurt our users, from the non-JS based injections (CSS, HTML, image) through mXSS, up to blind XSS.

About Benedek

Developer, teacher, sports-fanatic. As a developer, he's working on making password management more secure at LastPass. In his free time, he's researching the patterns and algorithms connecting basketball, tea and drums. His devotion to impeccable and secure user experience is rivaled only by his constant search for the perfect brew of Chinese pu'er.

Want to see Benedek's talk?


Grab Your Ticket