CSSConf EU 2013

Video recording and production by CSSConf

Cross-site scripting attacks are dangerous, and common enough that you're all probably familiar with them. Unfortunately that last word, "scripting", has ensured that our collective understanding of injection attacks remains fundamentally tied up with JavaScript. Cross-site _styling_ is actually more capable than you might expect; it's quite possible to exfiltrate sensitive data (like passwords!) without any script at all. This talk will walk through some of the cleverly malicious activity that CSS makes possible, and discuss some mechanisms for mitigating the risk that your sites and applications might be effected.

Rated: Everyone
Viewed 11 times
Tags: There are no tags for this video.