Cross-Site Scripting (XSS) attacks and their risks to web applications are well known. However, a lesser-known variant called mutation XSS (mXSS) has emerged over the last few years, adding a new dimension to this vulnerability type. This talk explores the underlying mechanisms and techniques mXSS uses to bypass security measures.
We will present real-world case studies of impactful mXSS vulnerabilities in popular applications, highlighting potential consequences like data leakage, account compromise, and remote code execution.
Participants will gain a comprehensive understanding of mXSS, its root causes, and its impact on web application security. We will equip the audience with the knowledge of how to protect against mXSS attacks and how to exploit mXSS in real-world applications.