OWASP AppSec DC 2012/DOMJacking Attack Exploit and Defense - Revision history

Mark.bristow at 18:31, 25 March 2012

2012-03-25T18:31:10Z

Mark.bristow at 00:42, 13 March 2012

2012-03-13T00:42:30Z

Mark.bristow at 00:52, 12 March 2012

2012-03-12T00:52:11Z

Mark.bristow: Created page with " {{:OWASP AppSec DC 2012 Header}} NOTOC == The Presentation == rightBrowsers architecture and usage are ever chan..."

2012-03-02T20:40:51Z

Created page with " <noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightBrowsers architecture and usage are ever chan..."

New page

<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude>
__NOTOC__
== The Presentation ==
[[Image:Owasp_logo_normal.jpg|right]]Browsers architecture and usage are ever changing in todays world. Browser cannot be considered a thin client in this new era, it is very much a thick client and capable of loading very interesting applications. Ajax, RIA (Adobe), Silverlight and HTML5 are key ingredients of next generation applications. Document Object Model (DOM) is the most critical component of the browser; it allows various different technologies to glue at a single point. DOM is emerging as a potential battlefield for future application and can be considered as an interesting entry point. DOM can be attacked and exploited if it is implemented poorly across client side application. DOMJacking is an interesting vector and allows exploitation of various different interesting tags like object. Object tag holds application components like flash, Silverlight, applet etc. It is possible to hijack DOM and create various abuse cases and scenario. In this talk we are going to cover attack vectors encompassing DOM which can lead to exploitation of Browser components like HTML5, RIA and Silverlight. We will be covering various interesting concepts, threat vectors and innovative defense mechanism along with real life cases and demos.
== The Speakers ==
Shreeraj Shah
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

@@ Line 2: / Line 2: @@
 __NOTOC__
 == The Presentation  ==
-Browsers architecture and usage are ever changing in todays world. Browser cannot be considered a thin client in this new era, it is very much a thick client and capable of loading very interesting applications. Ajax, RIA (Adobe), Silverlight and HTML5 are key ingredients of next generation applications. Document Object Model (DOM) is the most critical component of the browser; it allows various different technologies to glue at a single point.  DOM is emerging as a potential battlefield for future application and can be considered as an interesting entry point. DOM can be attacked and exploited if it is implemented poorly across client side application. DOMJacking is an interesting vector and allows exploitation of various different interesting tags like object. Object tag holds application components like flash, Silverlight, applet etc. It is possible to hijack DOM and create various abuse cases and scenario. In this talk we are going to cover attack vectors encompassing DOM which can lead to exploitation of Browser components like HTML5, RIA and Silverlight. We will be covering various interesting concepts, threat vectors and innovative defense mechanism along with real life cases and demos.
+Browser's architecture and usage are ever changing in today's world. Browser cannot be considered a thin client in this new era, it is very much a thick client and capable of loading very interesting applications. Ajax, RIA (Adobe), Silverlight and HTML5 are key ingredients of next generation applications. Document Object Model (DOM) is the most critical component of the browser; it allows various different technologies to glue at a single point.  DOM is emerging as a potential battlefield for future application and can be considered as an interesting entry point. DOM can be attacked and exploited if it is implemented poorly across client side application. DOMJacking is an interesting vector and allows exploitation of various different interesting tags like object. Object tag holds application components like flash, Silverlight, applet etc. It is possible to hijack DOM and create various abuse cases and scenario. In this talk we are going to cover attack vectors encompassing DOM which can lead to exploitation of Browser components like HTML5, RIA and Silverlight. We will be covering various interesting concepts, threat vectors and innovative defense mechanism along with real life cases and demos.
 == The Speakers  ==
 <table>
@@ Line 8: / Line 8: @@
 <td>
 ===Shreeraj Shah===
-[[Image:AppSecDC12-sheeraj.jpg|left]]Shreeraj Shah, (B.E., MSCS, MBA) is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services and Web Hacking: Attacks and Defense. In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, OÕreilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.
+[[Image:AppSecDC12-sheeraj.jpg|left]]Shreeraj Shah, (B.E., MSCS, MBA) is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services and Web Hacking: Attacks and Defense. In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O'reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.
 </td>
 </tr>
 </table>
 <noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

@@ Line 8: / Line 8: @@
 <td>
 ===Shreeraj Shah===
-[[Image:AppSecDC12-sheeraj.jpg|left]] Bio TBA
+[[Image:AppSecDC12-sheeraj.jpg|left]]Shreeraj Shah, (B.E., MSCS, MBA) is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services and Web Hacking: Attacks and Defense. In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, OÕreilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.
 </td>
 </tr>
 </table>
 <noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

OWASP AppSec DC 2012/DOMJacking Attack Exploit and Defense - Revision history

Mark.bristow at 18:31, 25 March 2012

Mark.bristow at 00:42, 13 March 2012

Mark.bristow at 00:52, 12 March 2012

Mark.bristow: Created page with " {{:OWASP AppSec DC 2012 Header}} __NOTOC__ == The Presentation == rightBrowsers architecture and usage are ever chan..."

Mark.bristow: Created page with " {{:OWASP AppSec DC 2012 Header}} NOTOC == The Presentation == rightBrowsers architecture and usage are ever chan..."