Overview
Explore the critical vulnerabilities in client-side XSS filtering through this comprehensive Black Hat conference talk. Delve into an in-depth analysis of Chrome's XSS Auditor, uncovering 17 flaws that enable bypassing its filtering capabilities. Learn about a tool for automatically generating XSS attacks that exploit these vulnerabilities. Examine the results of a practical, empirical study testing the Auditor's protection capabilities against thousands of DOM-based zero-day XSS vulnerabilities in top websites. Discover how the XSS filter was successfully bypassed on the first attempt in over 80% of vulnerable web applications. Gain insights into potential future improvements for client-side XSS filtering based on the presenters' analysis and experiences in bypass generation. Enhance your understanding of web security and stay ahead of emerging threats in this 55-minute presentation by Martin Johns, Ben Stock, and Sebastian Lekies.
Syllabus
Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering
Taught by
Black Hat