A live demonstration of how a single Cross Site Scripting vulnerability can be exploited to bypass multiple types of defenses within an application.
Matt Metzger’s passion for application security started as a hobby poking around in places he shouldn’t and responsibly disclosing application vulnerabilities. Somehow that segued into a career building e-commerce applications, automated testing frameworks, and everything in between. He is currently an Application Security Engineer at PhishMe.