Hackers of India

XSS - The art of evading web application filters!

By Anirudh Anand on 05 Nov 2015 @ Ground Zero Summit

Abstract

Web applications nowadays depend heavily on filters or escaping methods. But just as creating filters is easy, so is bypassing them. In this talk, the speaker will discuss XSS in different contexts: HTML, script, attributes, URL and style. The talk demonstrates techniques for bypassing various regular expression filters in the context of XSS, and examines PHP functions like htmlspecialchars(), htmlentities(), strtoupper() and strip_tags() for possible XSS. At the end of the talk, the speaker will release XSS labs, a fully fledged XSS test bed for security professionals and developers with 50+ different challenges and filter evasion techniques.