With the exemple of the project Fedora infrastructure and the dozens of custom business application written by members of the projects, this talk will examine the issues regarding XSS (cross site scripting, injecting javascript code in webpage) in web applications, how to find thoses issues, why they are more serious than usually believed and how you can detect and mitigate them with modern framework. The talk will mostly focus on the result of a audit of Pagure, a git forge written in Python, but the methodologies will be applicable to any applications, no matter the technology.
sitting on a chair right now, but I stand from time to time, Red Hat
Later
Saturday January 25, 2020 12:30pm - 1:25pm CET
E105Faculty of Information Technology Brno University of Technology, Božetěchova, Brno-Královo Pole, Czechia
