December 4-6, 2017
Vancouver, Canada

Bypassing Modern XSS Protections

In modern web environment, there is plenty of XSS protection mechanisms. Web browsers (Chrome, Internet Explorer, Edge) are providing client-side filtering for XSS to defend their users. What are the limitations of each? Frameworks are also adding proactive mechanisms. Can we rely on them?
There will be no 0-day bypass for web browser bypass.

View all 87 sessions

Philippe Arteau


Philippe is a security engineer for ServiceNow. He has an interest in software development, penetration testing and security code review. He maintains Find Security Bugs, the static analysis tool.
He discovered significant vulnerabilities in several popular applications like Google Chrome, DropBox, Runkeeper, Jira and more. He has presented at various conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, 44CON and JavaOne.

Read More

Vancouver 2017 sponsored by