This document contains a list of 665 cross-site scripting (XSS) payload examples that can be used to exploit XSS vulnerabilities. The payloads use various encoding techniques to inject JavaScript code, such as using Unicode encoding, special characters, and modifying HTML tags, to execute alerts and steal cookies. The payloads target different attributes and events across various HTML elements like <script>, <img>, <iframe>, and <svg> to trigger the malicious code.
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4hackers.com
Presentation slides of Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified At XSS by Rafay Baloch. Ask all your questions related to the webcast here http://goo.gl/Vv10hJ. Don't forget to leave your feedback here https://goo.gl/YrBeic.
Most developers have some experience with jQuery, but few of them understand the principles of Javascript and how to write and debug Javascript code. This session will cover best practices for writing object-oriented Javascript, benchmarking, and debugging.
A short introduction to Require.JS and JavaScript loaders with a healthy amount of LOLCats sprinkled in. Used as an internal presentation to help teams modularize javascript applications. Try opening the presenter view & looking at notes (I leave the presentations pretty bare)
Derek Willian Stavis (Pagar.me)
Everyone says Webpack is just a module bundler. But what is a module? What is a bundler? Why do we need it? We will walk through the history of web development to understand these concepts, and in the end we will dissect Webpack's configuration and output to understand how it works and how it can make your development process easier.
Vale do Carbono Conference
Webpack is just a module bundler, they said. What they didn't say is why we need it, and what was the motivation that made us achieve what Webpack has been doing for us. In this talk we will navigate through the years of front-end development, ranging from 2003 to nowadays to understand this, and in the end, we will walk through a complete Webpack project to understand how it works.
JavaScript, as it is today, is an insecure language. We need to understand its shortcomings to improve the security of our applications and protect our users.
StHack 2014 - Mario "@0x6D6172696F" Heiderich - JSMVCOMFGStHack
There is a way to build common, classic web applications. You know, servers, databases, some HTML and a bit of JavaScript. Ye olde way.
Grandfather still knows. And there is a way to build hip and fancy, modern and light-weight, elastic and scalable client-side web applications. Sometimes with a server in the background, sometimes with a database, but all the hard work is done by something new: JavaScript Model-View-Controller and templating frameworks.
Angular, Ember and CanJS, Knockout, Handlebars and Underscore: those aren't names of famous wrestlers but modern JavaScript frameworks that offer a boost in performance and productivity by taking care of many things web-app right there in the browser, where the magic happens. And more and more people jump on the bandwagon and implement those frameworks with great success. High time for a stern look from the security perspective, ain't it not?
This talk will show you how those frameworks work, how secure their core is and what kind of security issues spawn from the generous feature cornucopia they offer. Do their authors really know the DOM well enough to enrich it with dozens of abstraction layers? Or did they open a gate straight to JavaScript hell, introducing a wide range of new injection bugs and coding worst-practices? Well, you'll know after this talk. You'll know...
INTERACTIVE SLIDES:
http://johanneshoppe.github.com/HTML5Security/
You know the well-known attack vectors such as SQL injection or XSS. Your application is secure. Is it really? Even if you don't use HTML5 in your web application, the browsers are ready! Do you know all the new markup? Do you already have the potential of Cross Origin Requests, WebSockets or Local Storage on your radar? Get to know the new risk potentials that have arisen through the support of HTML5 and its APIs.