
Keynote SSTIC 2009 – XSS: From Breeze to Hurricane

Presentation: Pierre GARDENAT

XSS has been increasing in criticality and occurrence since 2004 (OWASP), an interesting indicator of the evolution of these attacks.

Using the DOM API, an XSS attack can completely rewrite a web page. Large websites are not immune, and are even a prime target.

There are several methods to bypass the restriction of requests to the current domain (web proxy, mod_rewrite, signed script) and allow cross-domain requests.
An attacker can practically take control of a machine affected by XSS, thanks to the (albeit limited) capabilities of JavaScript.

It becomes quite easy to place a dormant XSS attack, installed in a browser, in XSSBotNet mode, waiting, for example, for a zero-day in the browser to take total control of the machine.

The internet has become an impressive commercial machine, where pressure on development deadlines allows these kinds of vulnerabilities to develop rapidly.
The lack of experience with recent technologies and the expansion of functionality are difficult to control in web applications, and that's the whole problem.