Overview
Learn advanced Cross-Site Scripting (XSS) exploitation techniques and Web Application Firewall (WAF) bypass methods in this 55-minute conference talk from Ekoparty Security Conference. Master the art of evading security mechanisms by exploring how major vendor WAFs were consistently bypassed and discover the sophisticated techniques used to exploit the web's most common vulnerability. Begin with a foundational recap of basic XSS exploitation and bug reporting methodologies before diving into "easy wins" - simple yet highly effective bypass techniques that demonstrate common mistakes made by security implementers. Examine the core principles and advanced tricks used to circumvent most filtering mechanisms, gaining insight into the methodologies that make filter evasion possible. Explore a newly developed tool designed to create unique payloads specifically for filter and WAF evasion, reinforcing the practical application of techniques discussed throughout the presentation. Gain expertise in web application security research methodologies, understand the vulnerabilities in current mitigation strategies, and develop skills in creating custom exploitation payloads for penetration testing and bug bounty hunting.
Syllabus
BypaXSS - The Brute Art of Bypass - Rodolfo Assis aka "Brute
Taught by
Ekoparty Security Conference