Defeating Application Defenses Through XSS

BSidesROC 2017

Presented by: Matt Metzger
Date: Saturday April 22, 2017
Time: 09:30 - 09:50
Location: Track 3

A live demonstration of how a single Cross Site Scripting vulnerability can be exploited to bypass multiple types of defenses within an application.

Matt Metzger

Matt Metzger’s passion for application security started as a hobby poking around in places he shouldn’t and responsibly disclosing application vulnerabilities. Somehow that segued into a career building e-commerce applications, automated testing frameworks, and everything in between. He is currently an Application Security Engineer at PhishMe.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats