
Common XSS misconceptions - Q&A
Everyone agrees that Cross-Site Scripting (XSS) is a real threat to browser-based applications, but many underestimate the true power of XSS. In this talk, we take an in-depth look at the consequences of XSS. With practical examples, we illustrate how different payloads target an application. Mind-blowing attack scenarios will focus on identity-specific features, such as stealing tokens from web applications. By the end of this session, you will understand the real threat of an XSS vulnerability in your application, allowing you to implement the right defense strategy.