Gareth Heyes is a PortSwigger web security researcher best known for pioneering research into cross-site scripting, particularly DOM-based XSS, and for discovering novel filter bypass and payload techniques. His work has significantly shaped modern client-side vulnerability detection and exploitation. He is the author of the book "JavaScript for Hackers" and PortSwigger’s XSS Cheat Sheet.
At PortSwigger, Gareth spends his time researching new techniques for attacking web applications and inventing ever more creative XSS vectors. He has a particular fascination with abusing CSS in unconventional ways, from pure CSS 3D rooms and games to pushing markup languages well beyond their intended limits on his website. In his spare time, he enjoys building Burp Suite extensions, including the widely used Hackvertor.