Bypassing Chrome’s XSS Auditor – Paul’s Security Weekly #561

May 25, 2018

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog. Why it’s dangerous to put sensitive information to your javascript files. Way developers hide secret variables. Full Show Notes: https://wiki.securityweekly.com/Episode561 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Full episode and show notes

Host

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Vulnerability management

Security vs. Operations – Balancing the Risk – Ross Leo – CSP #114

March 21, 2023

The role of CISO is one filled with challenges and decisions. Frequently, a CISO is faced with having to decide in compromise with Operations, in favor of Operations. This can be a very difficult and risky choice to make - but the ideal of having both get 100% of what they want, or need is not realistic. How to do this? In this session, we discu...

Managed services

Is Regulatory Compliance Governing Your Toolsets and Policies? – CFH #13

March 21, 2023

To what extent should compliance with privacy and security frameworks -- whether imposed by government bodies or industry standard organizations -- be the decisive factor when MSSPs choose their tech stacks and craft their threat defense strategies? Meanwhile, are would-be MSSP customers deciding which managed services provider to hire largely base...

Managed services

Helping Your Managed Services Clients Build Their Own Security Culture – Ryan Jamieson – CFH #13

March 21, 2023

Security is a shared responsibility between MSSPs and their clients. Yes, the provider was hired to do a job -- be it SOC operations, threat intelligence or offensive security -- but part of the job is also to consult and communicate with the client to help them gain some degree of cyber self-sufficiency. This discussion will reveal how providers c...

Bypassing Chrome’s XSS Auditor – Paul’s Security Weekly #561

Host

Related

Security vs. Operations – Balancing the Risk – Ross Leo – CSP #114

Is Regulatory Compliance Governing Your Toolsets and Policies? – CFH #13

Helping Your Managed Services Clients Build Their Own Security Culture – Ryan Jamieson – CFH #13