File:Advanced XSS.pdf

"Basic Cross-site scripting (XSS) attacks are well understood and easy to defend from. Yet, there still are XSS flaws being found on high-profile sites like mozilla.org and google.com. Join me in a short talk about advanced techniques showing the reasons for some good design practices. We will discuss defensive mechanisms, bad design choices and behaviour of browsers. After the talk you will be given the chance to test your skill in 5 challenges putting you in the role of an attacker"

Munich, OWASP Stammtisch in June 2013