惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
S
Secure Thoughts
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
News | PayPal Newsroom
Application and Cybersecurity Blog
Application and Cybersecurity Blog
O
OpenAI News
S
Security @ Cisco Blogs
宝玉的分享
宝玉的分享
Hacker News: Ask HN
Hacker News: Ask HN
T
Troy Hunt's Blog
Google Online Security Blog
Google Online Security Blog
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
TaoSecurity Blog
TaoSecurity Blog
Help Net Security
Help Net Security
Latest news
Latest news
NISL@THU
NISL@THU
S
Security Affairs
博客园_首页
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
AI
AI
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Recent Announcements
Recent Announcements
P
Privacy & Cybersecurity Law Blog
小众软件
小众软件
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Hugging Face - Blog
Hugging Face - Blog
博客园 - 司徒正美
AWS News Blog
AWS News Blog
W
WeLiveSecurity
Google DeepMind News
Google DeepMind News
I
InfoQ
Schneier on Security
Schneier on Security
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
The Exploit Database - CXSecurity.com
IT之家
IT之家
T
Threatpost
Scott Helme
Scott Helme
L
LINUX DO - 热门话题
腾讯CDC
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
N
News and Events Feed by Topic
L
LINUX DO - 最新话题
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
H
Heimdal Security Blog
S
SegmentFault 最新的问题

Mike West

Web Platform Security @ CMS Security Summit 2020 Frontend Security - Frontend Conference, Zürich 2013 Debugging runtime errors with Securing the Client Side Content Security Policy: Feature Detection Chrome connects to three random domains at startup. Nerdy New Year Making Your Web Apps Accessible Using HTML5 and ChromeVox GDD Keynote: The HTML5 Demos
XSS (No, the _other_
Mike West · 2013-09-24 · via Mike West

I had the distinct pleasure of talking with folks at this year’s CSSConf EU about the dangers of content-injection attacks. They’re not just for JavaScripters, you see: CSS is dangerous too! They’ve just posted the video, and I think it’s worth a little under a half-hour of your time to skim through. You’ll be shocked to learn that Content Security Policy makes an appearance.

Credit is due to Mario Heiderich, et al. for their excellent paper “Scriptless Attacks - Stealing the Pie Without Touching the Sill”, from which I stole much of the attack-based content. Awesome stuff.

Transcript is coming, but for now, please do enjoy the embedded video and slides below:

Video

The video is 29m long, and up on YouTube for your viewing enjoyment.

Slides

The slides are up on Speaker Deck (which is awesome), and I actually used Speaker Deck to present the slides from someone else’s laptop since my computer decided not to connect to the conference’s projector. I love you, Speaker Deck!

Transcript

Coming soon!