BSidesKC 2019 - Travis Lowe - UI Redressing, Moving Beyond alert('xss')

Most people know all about making an alert box pop or getting a cookie sent to an external site with document.cookie. It makes since, it is easy to demo and for the most part makes for a great proof of concept. Unfortunately these sometimes fail to showcase some of the more potentially devious outcomes from having a site that is vulnerable to XSS. Come hang out while we talk about one of these devious methods called UI Redressing and how best to mitigate the issue. Travis Lowe Travis is recognized with an official certification from Microsoft as a Microsoft Office User Specialist in Microsoft Access 2000. He has worked in security for ~10 years, loves it, and has recently been digging into all things identity. During his day to day he is a penetration tester for a largish organization based out of Wichita.