SHARE

Title: User Input Piercing for Cross-Site Scripting Attacks
Presenter:  Matias Blanco, exploit writer
Date and Time: November 12, 2009 at 5:30pm
Location: Walter E. Washington Convention Center, Washington, DC
Link to event: http://www.owasp.org/index.php/OWASP_AppSec_DC_2009

Overview:

This paper presents algorithms and techniques for performing user input piercing on a web application. We also introduce a heuristic to determine if a given cross-site scripting attack will effectively execute scripting code on the compromised browser. In addition, an algorithm to detect the need of encoding techniques will be presented.

• View the research paper

Learn more about our security testing software solutions.

• Corporate Overview

Latest Press Releases

• CORE Impact Pro Automates Endpoint OS & Application Vulnerability Assessment and Penetration Testing

• CORE Security Joins HP Enterprise Security Technology Alliances Program

Latest In the News

• Adobe Patches Flash Player Bug as Hackers Attack IE for Windows

• Microsoft's 'Patch Tuesday' For May Approaches

Upcoming Webcasts

• Register for a live security testing webcast or watch archived webcasts

Upcoming Events

• Black Hat USA

• SANSFIRE

Press Contacts

Vaughn Harring
Core Security
(617) 645-4322
vharring@coresecurity.com

David Seuss
Core Security
(617) 388-7775
dseuss@coresecurity.com

Lisa Mokaba
Inkhouse
781-966-4108
core@inkhouse.net