File:20140617-XSS and beyond-Rene.pdf

"XSS and beyond" by René Freingruber of SEC Consult


 * Introduction to Cross-Site Scripting (XSS)
 * Reflected vs. Stored XSS
 * How to identify XSS
 * Special situations of XSS
 * Introduction to Browser Exploitation
 * Buffer overflows, Use-After-Free, Integer Overflows, ...
 * Overview of current mitigation techniques
 * Case study: Real-world Firefox exploit