Talk at 0sec

Last weekend (13. – 15. October 2006) I gave a talk at a small security conference in Switzerland called 0sec, which was organized by my employer, Dreamlab Technologies Ltd.

My talk was named “The Future of XSS” and I think I did my part there well, especially considering that this was my first talk which wasn’t in German (it was in English).

I had multiple reasons for talking about a topic like this. For example: the topicality of XSS-related stuff; I’ve done a lot of research on the topic of XSS in the past; most people (including security professionals) don’t know how dangerous XSS could be; and of course because I love this attack class ;)

During my presentation I went through the whole topic, including some XSS-related attacks like backdooring files, and I talked about an attack called “Cross Site Authentication” (XSA). All in all, I think there was some interesting stuff I talked about, and especially people who hadn’t researched the topic deeply got a lot of new input for doing their own stuff.

Of course I put my slides online and you can download them here:
The Future of XSS

I’ll also release my XSS-Toolkit in a few days (I hope :P ), which I used to show some demos during the talk, but first I’ll have a look at the newest version of pdp’s Attack API because then I can also include some stuff he did or replace some stuff of mine.

I think the most interesting thing I presented during the talk was an automatic XSS vulnerability scanner I wrote, but I think I should write an extra post for it.

