Denver May 2008 meeting

Revision as of 17:12, 3 June 2008 by Dc (talk | contribs) (Topic: Cross Site Scripting, Exploits and Defenses)

Topic: Cross Site Scripting, Exploits and Defenses

For a long time, the impact of XSS vulnerabilities has been grossly underestimated. Recent compromises, such as the pro-Hillary defacement of Barack Obama's website, demonstrated the impact of XSS vulnerabilities to the masses.

During this presentation, we demonstrated exactly how effective XSS vulns can be, and showed you what you can do to protect yourself and your sites.

The practicalities of doing live-demos meant that each night we had one demo fail. At Denver it was the live session stealing demo against a production website. In Boulder it was the browser-based botnet.

Nevertheless, we hope that you found the presentations interesting, and the interactive format a welcome change.

Slide deck

Note that a lot of the content is hidden in the speaker's notes of the presentation, which we need to sanitize a bit to protect the guilty prior to posting.


Chapter leaders David Campbell and Eric Duprey presented on the emerging threat of cross site scripting (XSS) vulnerabilities.

David Campbell is an infosec veteran, with experience ranging from penetration testing for Fortune 100s to architecting security solutions for large multinational financials to consulting for government agencies. DC is presently head of security engineering for Raytheon Polar Services, and is also on the board of directors of Psiframe Inc., a San Francisco-based security consultancy.

Eric Duprey is a Senior Security Engineer for Dish Network Corporation.