This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2012/DOMJacking Attack Exploit and Defense"
Mark.bristow (talk | contribs) (Created page with " <noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightBrowsers architecture and usage are ever chan...") |
Mark.bristow (talk | contribs) |
||
| Line 1: | Line 1: | ||
| − | |||
<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> | <noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> | ||
__NOTOC__ | __NOTOC__ | ||
== The Presentation == | == The Presentation == | ||
| − | + | Browsers architecture and usage are ever changing in todays world. Browser cannot be considered a thin client in this new era, it is very much a thick client and capable of loading very interesting applications. Ajax, RIA (Adobe), Silverlight and HTML5 are key ingredients of next generation applications. Document Object Model (DOM) is the most critical component of the browser; it allows various different technologies to glue at a single point. DOM is emerging as a potential battlefield for future application and can be considered as an interesting entry point. DOM can be attacked and exploited if it is implemented poorly across client side application. DOMJacking is an interesting vector and allows exploitation of various different interesting tags like object. Object tag holds application components like flash, Silverlight, applet etc. It is possible to hijack DOM and create various abuse cases and scenario. In this talk we are going to cover attack vectors encompassing DOM which can lead to exploitation of Browser components like HTML5, RIA and Silverlight. We will be covering various interesting concepts, threat vectors and innovative defense mechanism along with real life cases and demos. | |
== The Speakers == | == The Speakers == | ||
| − | Shreeraj Shah | + | <table> |
| + | <tr> | ||
| + | <td> | ||
| + | ===Shreeraj Shah=== | ||
| + | [[Image:AppSecDC12-sheeraj.jpg|left]] Bio TBA | ||
| + | </td> | ||
| + | </tr> | ||
| + | </table> | ||
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude> | <noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude> | ||
Revision as of 00:52, 12 March 2012
Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org
The Presentation
Browsers architecture and usage are ever changing in todays world. Browser cannot be considered a thin client in this new era, it is very much a thick client and capable of loading very interesting applications. Ajax, RIA (Adobe), Silverlight and HTML5 are key ingredients of next generation applications. Document Object Model (DOM) is the most critical component of the browser; it allows various different technologies to glue at a single point. DOM is emerging as a potential battlefield for future application and can be considered as an interesting entry point. DOM can be attacked and exploited if it is implemented poorly across client side application. DOMJacking is an interesting vector and allows exploitation of various different interesting tags like object. Object tag holds application components like flash, Silverlight, applet etc. It is possible to hijack DOM and create various abuse cases and scenario. In this talk we are going to cover attack vectors encompassing DOM which can lead to exploitation of Browser components like HTML5, RIA and Silverlight. We will be covering various interesting concepts, threat vectors and innovative defense mechanism along with real life cases and demos.
The Speakers
Shreeraj Shah |
Gold Sponsors |
|
|
|
|
Silver Sponsors |
| |||
Small Business |
|
| ||
Exhibitors |
|
|
|
|
