Cross-site scripting

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.

Quoted from Wikipedia


  • Yu Yagihashi
  • Security Engineer at Mercari, Inc.
  • Loves XSS, SQLi, and so on
  • Security Camp 2013 Web security class
  • Security Camp 2014 Web security class(tutor)
  • Security Camp 2015 lecturer
  • CTF Team: katagaitai, ********
  • SECCON CTF 2013 Final, 7th place as ********
  • ctf4b, in charge of the Web section


Mail %77%77%77%2d%64%61%74%61%40%6b%65%69%6f%2e%6a%70
Twitter @yagihashoo
Facebook Yu Yagihashi
GitHub yagihashoo
Flickr yagihashoo
Instagram yagihash
Blog XSSになりたい
Slideshare yagihashoo


「XSS1000本ノックを支える技術」 at Shibuya.XSS techtalk#10

「CSPの話〜FxOSチューン☆〜」 at 関東Firefox OS勉強会 11th

「CSP Lv.2の話」 at ssmjp 2014/10

「セッション管理のお話」 at セキュリティ・キャンプフォーラム2014

「http://こいつの:話」 at Shibuya.XSS Techtalk#7

「katagaitai勉強会#6 EasyなWeb編」 at katagaitai勉強会#6