このページは http://www.slideshare.net/HansMichaelVarbaek/xssing-your-way-to-shell の内容を掲載しています。
NOTE: Download the PDF for high-resolution text. (It appears that SlideShare does not handle cust...
NOTE: Download the PDF for high-resolution text. (It appears that SlideShare does not handle custom fonts very well.)
Alternative Med-Res Source: https://speakerdeck.com/varbaek/xssing-your-way-to-shell
Cross-Site Scripting isn’t new, but there is generally a large belief among vendors, corporations and even some hackers that XSS can only be used to conduct client-side attacks such as session hijacking and similar attacks, or with tools such as BeEF.
Location: Thursday 29th May 2014 - 12:15 @ Beurs van Berlage - Amsterdam - Netherlands.
Hans-Michael Varbaek is a Security Consultant at Sense of Security and is an active part of the penetration testing team. He is an IT security specialist, independent researcher, and penetration tester.
Hans has periodically been invited to help out community driven projects such as The Exploit Database (which he participated actively in by e.g. managing their forums and writing blog entries about web application security). Hans has presented about advanced attack methods (e.g. chained exploits) and secure web application development for numerous clients as well.
Along with an IT-Administrator degree, Hans is an Offensive Security Certified Expert (OSCE) and GIAC Penetration Tester (GPEN).