Talk

Beating the Sanitizer: Why you should add mXSS to your Toolbox

April 26, 14:30 (GARDEN)

Cross-Site Scripting (XSS) attacks and their risks to web applications are well-known. However, a lesser-known variant called mutation XSS (mXSS) has emerged over the last few years, adding a new dimension to this vulnerability type. This talk explores the underlying mechanisms and techniques mXSS uses to bypass security measures.

We will present real-world case studies of impactful mXSS vulnerabilities in popular applications, highlighting potential consequences like data leakage, account compromise, and remote code execution.

Participants will gain a comprehensive understanding of mXSS, its root causes, and its impact on web application security. We will equip the audience with the knowledge to protect against mXSS attacks and to exploit them in real-world applications.

Speaker

Paul Gerste & Yaniv Nizry


Yaniv Nizry (@YNizry) is a Vulnerability Researcher at Sonar, where he leverages his expertise to identify and mitigate vulnerabilities in complex systems. Having started out as a software engineer, he shifted his focus while serving in the IDF's 8200 unit, where he gained experience in both offensive and defensive cybersecurity tactics.
