[CSSconf.eu 2013] Mike West – XSS. (No, the _other_ "S")
iSpeech
CSSconf.eu - http://cssconf.eu - Berlin, September 13, 2013
Slides: https://speakerdeck.com/mikewest/xss-no-the-other-s-cssconf-eu-2013
Talk description: "Cross-site scripting attacks are dangerous, and common enough that you're all probably familiar with them. Unfortunately that last word, "scripting", has ensured that our collective understanding of injection attacks remains fundamentally tied up with JavaScript. Cross-site _styling_ is actually more capable than you might expect; it's quite possible to exfiltrate sensitive data (like passwords!) without any script at all. This talk will walk through some of the cleverly malicious activity that CSS makes possible, and discuss some mechanisms for mitigating the risk that your sites and applications might be effected."
License: For reuse of this video under a more permissive license please get in touch with us. The speakers retain the copyright for their performances.
2013-09-24 10:27:51
source
Gloss