Company
Date Published
Author
Jason Haddix
Word count
226
Language
English
Hacker News points
None

Summary

Cross-Site Scripting (XSS) remains a persistent threat in software security: it appears consistently in top vulnerability lists and is submitted constantly through bug bounty programs. However, not all XSS vulnerabilities are equal, and the growing phenomenon of "XSS fatigue" suggests that defenders are becoming more adept at mitigating these issues. This episode of Big Bugs delves into high-impact XSS bugs found in the wild and explores resources for defenders and attackers alike, including bug bounty programs, browser exploitation frameworks such as BeEF, and payload techniques such as polyglots. It also provides a comprehensive overview of XSS research, including multi-context polyglot payloads and filter bypass techniques.
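As an added illustration of the multi-context polyglot idea mentioned above (example code written for this page, not material from the episode or from Bugcrowd), the block below reflects one constructed payload into three common sinks, an HTML body, a quoted attribute and a JavaScript string literal, and compares a naive tag blocklist with context-aware output encoding. The payload, the sink templates and the breakout heuristics are assumptions made for the example; the checks are string-level and do not replace testing in a real browser.

```javascript
// Added example for this page; not code from the Big Bugs episode.
// One constructed payload that escapes three different output contexts:
//   HTML body       -> the injected <img onerror> fires
//   quoted attribute-> '"> closes the attribute, then <img onerror> fires
//   JS string       -> ''-alert(1)-'...' is a valid expression, alert() runs
const POLYGLOT = `'-alert(1)-'"><img src=x onerror=alert(1)>`;

// Three templates a reflected parameter commonly lands in (constructed sinks).
const SINKS = {
  html: v => `<p>Hello ${v}</p>`,
  attr: v => `<input value="${v}">`,
  js:   v => `<script>var name = '${v}';</script>`,
};

// Naive defence: blocklist one tag name, leave quotes and other tags alone.
function naiveFilter(v) {
  return v.replace(/<script/gi, "");
}

// Context-aware encoders, minimal versions for the three sinks above.
function encodeHtml(v) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return v.replace(/[&<>"']/g, c => map[c]);
}
function encodeJsString(v) {
  // Hex-escape every non-alphanumeric character so neither a quote nor
  // a "</script>" sequence survives inside the string literal.
  return v.replace(/[^A-Za-z0-9]/g, c => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  });
}
const ENCODERS = { html: encodeHtml, attr: encodeHtml, js: encodeJsString };

// Structural heuristics on the rendered markup (assumed checks, not a browser).
const BREAKOUT = {
  html: out => /<img\b/i.test(out),                              // new element in the body
  attr: out => /"\s*>\s*<img\b/i.test(out),                      // attribute closed, new element
  js:   out => /var name = '([^'\\]|\\.)*'\s*-\s*alert/i.test(out), // string closed, expression follows
};

// Render the value into one sink under a given defence strategy.
function render(context, value, strategy) {
  const v = strategy === "naive" ? naiveFilter(value) : ENCODERS[context](value);
  return SINKS[context](v);
}

// Does the payload escape its context after the chosen defence?
function breaksOut(context, value, strategy) {
  return BREAKOUT[context](render(context, value, strategy));
}

// Summarise which contexts the payload escapes under each strategy.
function evaluate(value) {
  const result = {};
  for (const strategy of ["naive", "contextAware"]) {
    result[strategy] = Object.fromEntries(
      Object.keys(SINKS).map(ctx => [ctx, breaksOut(ctx, value, strategy)])
    );
  }
  return result;
}

console.log(JSON.stringify(evaluate(POLYGLOT), null, 2));
```

The point the run makes is the one the episode raises: a blocklist that thinks in terms of one tag name fails in every context at once, while encoding chosen per sink stops the same payload in all three. In a real application the encoder must match the exact context (URL, CSS and unquoted-attribute sinks each need their own rules), which is why a single polyglot is such an efficient probe during testing.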