Cross-Site Scripting meets Modern Web Technology

A presentation at SecTalks Adelaide in in Adelaide SA, Australia by Jakob Pennington

Web applications have evolved rapidly in recent years. The rise of Single Page Applications (SPAs) has resulted in a shift from building web pages on the server to within the browser. Progressive Web Applications (PWAs) have bought with them more features to allow apps to more closely resemble native apps. Similarly, frameworks such as Electron allow web developers to build cross-platform native apps.

Each of these technologies bring more functionality to JavaScript, and in-turn, Cross-Site Scripting. In this talk, Jakob will cover what these technologies mean for Cross-Site Scripting and demonstrate new attack vectors, exploits and mitigations.