Oh no, there is a XSS in your JS. Understanding, Identifying and Avoiding DOM Based XSS.
Submitted by Lavakumar Kuppan (@lava) on Friday, 23 August 2013
In 40 minutes you will learn:
2) The different variations of DOM based XSS
3) How DOM based XSS can be detected with available tools
4) Best ways to avoid and mitigate DOM based XSS in your code
Lavakumar is the founder of the IronWASP project, the advanced Web Security Testing Platform. He has authored multiple security tools like HAWAS, 'Shell of the Future', JS-Recon, Imposter and the HTLM5 based Distributed Computing System - Ravan. As a security researcher he has discovered several novel attacks that include a sandbox bypass on Flash Player, WAF bypass technique using HTTP Parameter Pollution, multiple HTML5 attacks and a CSRF protection bypass technique using CickJacking & HPP which was voted by peers and experts as the 5th best 'web security hack' of 2010. His works have been covered by leading media portals including the Forbes. All his research and tools are available at the Attack and Defense Labs website. He also maintains the HTML5 Security Resources Repository website. He has spoken at multiple conferences like BlackHat, OWASP AppSec Asia, SecurityByte, ClubHack, NullCon etc on topics ranging from browser exploitation to HTML5 Security. He is also the recipient of the Black Shield Luminaire award.