DOM-Based XSS

Industry (dynamic) assessment almost always remains blind to the wealth of client-side functionality that modern applications contain. Whether it is client information held in local databases, state (DOM) manipulation, or scripted requests that drive further server interaction, tools overlook this important functionality. Static analysis has not been an effective supplement to this gap in dynamic analysis because it struggles to assemble and model how client-side JavaScript might behave.

In this paper, Ksenia and Travis explore this important exposure in pursuit of how testing might improve to address it. sws.ec/1IYz8Vb 

Hey, I know that design.

Want to send this to me without having to sign up for marketing spam?

More articles by John Steven