Security Research

3
How to get good at XSS? There are a lot of charlatans out their overhyping by posting misleading content. It's infuriating because a lot of the actual research is less flashy and thus more hidden. Maybe I'm a bit too pessimistic in this video, but I think it's a concrete example we can use talk about it.
An actual XSS on google.com by Masato Kinugawa. It abuses a parser differential between a JavaScript enabled and disabled context.
Leaking data through a search cross origin, by abusing a behaviour of Chrome regarding iframed pages that trigger errors.