Online version

Talk detail

They say “there's an app for that”. But there's also a framework for that! Let's say you have a JavaScript and you want to run it in unsuspecting user's browser (read Cross-Site Scripting). BeEF, The Browser Exploitation Framework, can make it a piece of cake. Content Security Policy, the archenemy of Cross-Site Scripting, leveled up, so let's go through what's new in CSP 3.

Content Security Policy demo pages:

Date and event

30. 5. 2017, OWASP Czech Chapter Meeting (talk duration 60 minutes)

Česky