Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) "security researcher", is from Berlin, likes everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees at various 5th-tier conferences with his hastily assembled PowerPoint slides.
XSS is dead? It's 2019 and we still don't get it.
XSS is more than twenty years old by now and appears to still be alive
basis and bug bounty programs are drowning in submissions.
And that is all despite our great efforts to get rid of this
vulnerability class from each and every thinkable angle. What didn't we
try to solve it? No?
This talk will be an hour-long rant, paired with a stroll through the
history of XSS and related issues. We will go back into the year 1998
and see how it all started, how things developed, what we tried to do
against it and how hard we failed every single time. We will also look
at the future and predict what is about to happen next.
OFFENSIVE HTML, SVG, CSS AND OTHER BROWSER-EVIL