A huge thanks to my friend Steve, who pointed this one out to me.

The video was part of a webcast hosted by Garage4Hackers.

Ashar Javed gave an amazing XSS talk in this video and it is very well put together. He gives tons of examples and test URLs for testing XSS attacks against the various protection methods he discusses. Loads of information to learn from. The video is about an hour and a half long, and well worth the watch.

He explains towards the end of the video that in 50% of the top 100 sites he tested, he was able to bypass their XSS protection using his methodology. Most of the XSS issues he found were in the HTML context.

Here are the slides from the talk.

As a side note, I love that the guy at the beginning of the video mentions the movie 3 Idiots. It is a fantastic movie and if you haven't seen it, the time is now. It's a movie that any hacker should be able to appreciate.


Charlie Campbell

