Everyone agrees that Cross-Site Scripting (XSS) is a real threat to browser-based applications, but many underestimate the true power of XSS. In this talk, we take an in-depth look at the consequences of XSS. With practical examples, we illustrate how different payloads target an application. Mindblowing attack scenarios will focus on identity-specific features, such as stealing tokens from web applications. By the end of this session, you will understand the real threat of an XSS vulnerability in your application, allowing you to implement the right defense strategy. About Philippe: Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace. Philippe is a Google Developer Expert and an Auth0 Ambassador/Expert for his community contributions on security of web applications and APIs. ___________________________________________ Learn with Auth0 Try Auth0 for free - https://a0.to/auth0 Upcoming Events - https://a0.to/events The Auth0 blog - https://a0.to/blog Watch Live Streams on Twitch - https://a0.to/twitch Ask questions on the Community Forum - https://a0.to/community ___________________________________________ Follow Us on Social Follow us on Twitter - https://a0.to/twitter Follow us on LinkedIn - https://a0.to/linkedin