Blackbox Reversing of XSS Filters (Recon 2008)

Description: This is the video of the presentation titled "Blackbox Reversing of XSS Filters (Recon 2008)" given by Alexander Sotirov at Recon 2008.

Many of us limit ourselves to what we already know and don't look for new challenges. I've spent a long time reversing x86 code, but there are a lot of other interesting targets out there. Cross site scripting vulnerabilities and web security in general are perceived to not be interesting enough for hardcore reversers, but this talk aims to dispel this notion.

We all know that web apps are the future, but where do we, reversers, fit in this brave new world? I will present the challenges of blackbox reversing and the beauty of reconstructing complicated algorithms based on nothing but some well chosen inputs and outputs. I will demonstrate the tools I've written to make this easier and perhaps drop a few 0days as well :-)

You can download a high resolution version of the video here. The slides for the presentation are available here. Refltr 1.0 can be downloaded here.

Tags: basics





Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.