In the second installment of Safelight’s Lightning Talk series, Rob Cheyne will present the basics of cross-site scripting (XSS) at OWASP Boston.

He will cover the two primary methods of XSS attack, reflected and persistent, as well as provide detailed demonstrations that show how an attacker would use these methods in the real world.

As part of the demo, Rob will go beyond proof of concept and present an example of a “weaponized” JavaScript that could be used to steal another user’s session information.

Rob will also offer practical tips for defending against cross-site scripting flaws in your own applications.

When: June 2, 2010

Time: 6:30 p.m.

Where: Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd., Sixth Floor Waltham, MA