SlideShare a Scribd company logo

Warning Ahead: SecurityStorms are Brewing in Your JavaScript

Download as PPTX, PDF
Cyber Security Alliance
Cyber Security Alliance

JavaScript controls our lives – we use it to zoom in and out of a map, to automatically schedule doctor appointments and toplay online games. But have we ever properly considered thesecurity state of this scripting language? Before dismissing the (in)security posture of JavaScript on the grounds of a client-side problem, consider the impact ofJavaScript vulnerability exploitation to the enterprise: from stealing serverside data to infecting users with malware. Hackers are beginning to recognize this new playground and are quicklyadding JavaScript exploitation tools to their Web attack arsenal.

Technology
1 of 44
Warning Ahead: Security Storms are Brewing in Your JavaScript
About Me Helen Bravo Product Manager of Checkmarx Static Application Security Testing (AKA – Source Code Analysis)
Agenda • Broken sandbox • Same old XSS becomes a monster • Watch out for your client side • “I know where you were last summer”
HTML5 is booming Report released in August 2013 has shown that 153 of the Fortune 500 U.S. companies already implemented HTML5 on their corporate websites.
Some of the additions in HTML5 • WEB storage • WEB SQL database • Indexed DB • Application cache • Web workers • Web socket • CORS • Web messaging • Sandbox attribute • New HTTP headers • Server sent events • New and better semantic tags • New form types • Audio and video tags • Canvas • Inline SVG • New onevent attributes • Geolocation • New CSS selectors • New javascipt selectors • Custom data - attributes
The Sandbox Attribute
SOP Same Origin Policy permits scripts running on pages originating from the same site based on combination of scheme, hostname, and port number
Same Origin Policy http://www.cnn.com/main main page “Change background to green” http://www.cnn.com/story1 Iframe same origin
Same Origin Policy http://www.cnn.com/main main page “Change background to green” http://www.fox.com Iframe different origin
Markets • Recent trend - markets of extensions Salesforce.com, Microsoft 365, etc… • Extension is Javascript code written by a 3rd party but hosted and delivered from the very same server • So SOP doesn’t play well
Sandbox concept Sandbox concept? Sandbox is a hardening of the basic SOP – so that any content running in the sandboxed iframe is treated as if it comes from a different origin, and it gives fine-grained control over what restrictions apply.
Sandbox syntax • Syntax <iframe sandbox="value"> Valu•e Attribute Values Description "" Applies all restrictions below allow-same-origin Allows the iframe content to be treated as being from the same origin as the containing document allow-top-navigation Allows the iframe content to navigate (load) content from the containing document allow-forms Allows form submission allow-scripts Allows script execution
http://www.server.com http://www.server.com/iframe main page <script> alert(1) </script> 1 Iframe / same origin
http://www.server.com http://www.server.com/iframe main page <script> alert(1) </script> Sandboxed Iframe Default permissions Same Origin
http://www.server.com http://www.server.com/iframe main page <script> alert(1) </script> 1 Sandboxed Iframe Allowing Scripts and SOP(Same Origin)
http://www.server.com http://www.server.com/iframe main page <script> top.navigate(…) </script> Sandboxed Iframe Allowing Scripts and SOP(Same Origin)
http://www.server.com http://www.server.com/iframe main page <script> top.find(myself) addPermission(myself, top_nav) Refresh() navigate(…) </script> Sandboxed Iframe Allowing Scripts and SOP(Same Origin) And Top Navigation
http://www.hacker.server.com http://www.server.com/iframe main page <script> top.find(myself) addPermission(myself, top_nav) Refresh() Navigate(http://www.hacker.com) </script> Sandboxed Iframe Allowing Scripts and SOP(Same Origin) And Top Navigation
Don’t just count on Sandbox! Don’t assume that just because an iFrame is sandboxed, your code is secure. What can you do? Avoid granting a sandboxed iFrame with scripting and SOP capabilities.
How a single XSSed page can be used to take screenshots of other non-XSSed page ?
<canvas> Is the HTML5 element , used to draw graphics, on the fly, via scripting (usually JavaScript).
Monster XSS – Attack Steps • Step A – Use Bookstore project Login page vulnerable to Reflected XSS to embed itself in an iframe http://server/page.aspx?xss=<iframe src=“http://server/page.aspx”> Iframe border (left visible for demo purposes)
Monster XSS – Attack steps • Step B – The user logs in and browses the inside frame. The outer page remains the same while it’s scripts can access the inner’s data Iframe border (left visible for demo purposes) The user went to the admin page, but the URL is still the XSS’ed login page
Monster XSS – The result • The attacker gets set of pictures representing all user activity( yes, including user name and password!)
Monster XSS – The technique • HTML5 introduced the concept of Canvas, which can be used to take screenshots What is Canvas? (w3schools) The HTML5 <canvas> element is used to draw graphics, on the fly, via scripting (usually JavaScript).
Monster XSS – The technique • Html2canvas - open-source script which builds screenshots based on DOM information. • We modify it a bit – to reveal passwords
Monster XSS – The technique Modified HTML2Canvas runs at the outer page and every 2 seconds takes screenshots of the iframe XSS that takes base64 screenshots
Monster XSS – The technique
Monster XSS – bottom line So, what can you do ? Get rid of XSS!!!
WebSockets
Web Socket WebSocket – allows persistent connection between the client and the server , when both parties can start sending data at any time.
Super-charged XSS http://www.andlabs.org/tools/jsrecon.html
New Tricks, Old Dog • XSS can be used as an agent to map the structure of a network behind a firewall • Super-charged XSS – Advanced port scanning (WebSockets) • http://www.andlabs.org/tools/jsrecon.html
• Websocket – Fast and efficient network mapping process – Firewall bypass into organization
Client-Side Business Logic
Pacman - winning the odds • Client site business logic helps to gain efficiency. • Efficiency brings along security costs
Packman Demo
Pacman – recommendations • Don’t trust the client: validate user input • Do not ever store business logic on the client
GeoLocation
A Variant of Clickjacking How to trick victims into turning on their PC cameras without them even realizing?
A Variant of Clickjaking Demo http://localhost/bookstore/k2.html
A Variant of Clickjaking Against attacks focused on social engineering There is only one solution Awareness
Summary • HTML5 brings enhancements to Web development • …which comes with some great enhancements to security vulnerabilities
Thank you! Helen Bravo helen.bravo@checkmarx.com

Recommended

Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCyber Security Alliance
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0Cyber Security Alliance
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itCyber Security Alliance
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...Imperva Incapsula
 
Ten Commandments of Secure Coding
Ten Commandments of Secure CodingTen Commandments of Secure Coding
Ten Commandments of Secure CodingMateusz Olejarka
 
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...BlueHat Security Conference
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security ArchitecturesOWASP
 

Recommended

Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCyber Security Alliance
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0Cyber Security Alliance
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itCyber Security Alliance
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...Imperva Incapsula
 
Ten Commandments of Secure Coding
Ten Commandments of Secure CodingTen Commandments of Secure Coding
Ten Commandments of Secure CodingMateusz Olejarka
 
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...BlueHat Security Conference
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security ArchitecturesOWASP
 
L27
L27L27
L27NathannyabvureMapisa
 
Advanced SQL Injection Attack & Defenses
Advanced SQL Injection Attack & DefensesAdvanced SQL Injection Attack & Defenses
Advanced SQL Injection Attack & DefensesTiago Mendo
 
Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSebastien Gioria
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
 
[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilitiesOWASP
 
Rugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullRugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullSeniorStoryteller
 
Security War Games
Security War GamesSecurity War Games
Security War GamesSeniorStoryteller
 
Is code review the solution?
Is code review the solution?Is code review the solution?
Is code review the solution?Tiago Mendo
 
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...Jakub Kałużny
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat Security Conference
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchainjasonhaddix
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security HeadersOWASP
 
Web security for developers
Web security for developersWeb security for developers
Web security for developersSunny Neo
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X WayStephan Borosh
 
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteImperva Incapsula
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPJoe McCray
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 
Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?
Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?
Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?Marcelo Sandoval Mora
 
Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationDavid Terrar
 

More Related Content

What's hot

Advanced SQL Injection Attack & Defenses
Advanced SQL Injection Attack & DefensesAdvanced SQL Injection Attack & Defenses
Advanced SQL Injection Attack & DefensesTiago Mendo
 
Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSebastien Gioria
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
 
[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilitiesOWASP
 
Rugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullRugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullSeniorStoryteller
 
Is code review the solution?
Is code review the solution?Is code review the solution?
Is code review the solution?Tiago Mendo
 
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...Jakub Kałużny
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat Security Conference
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchainjasonhaddix
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security HeadersOWASP
 
Web security for developers
Web security for developersWeb security for developers
Web security for developersSunny Neo
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X WayStephan Borosh
 
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteImperva Incapsula
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPJoe McCray
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack labJoe McCray
 

What's hot (20)

L27
L27L27
L27
 
Advanced SQL Injection Attack & Defenses
Advanced SQL Injection Attack & DefensesAdvanced SQL Injection Attack & Defenses
Advanced SQL Injection Attack & Defenses
 
Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An Introduction
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
 
[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities
 
Rugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich MogullRugged DevOps at Scale with Rich Mogull
Rugged DevOps at Scale with Rich Mogull
 
Security War Games
Security War GamesSecurity War Games
Security War Games
 
Is code review the solution?
Is code review the solution?Is code review the solution?
Is code review the solution?
 
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers[Wroclaw #2] Web Application Security Headers
[Wroclaw #2] Web Application Security Headers
 
Web security for developers
Web security for developersWeb security for developers
Web security for developers
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
 
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-keary
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got Owned
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
 

Viewers also liked

Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?
Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?
Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?Marcelo Sandoval Mora
 
Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationDavid Terrar
 
Social Media for Book Publishers and Authors
Social Media for Book Publishers and AuthorsSocial Media for Book Publishers and Authors
Social Media for Book Publishers and AuthorsHikeBandit
 
Social Media for Awareness and Influence
Social Media for Awareness and InfluenceSocial Media for Awareness and Influence
Social Media for Awareness and InfluenceDavid Horne
 
How to leverage paid social media advertising to achieve enrollment goals by ...
How to leverage paid social media advertising to achieve enrollment goals by ...How to leverage paid social media advertising to achieve enrollment goals by ...
How to leverage paid social media advertising to achieve enrollment goals by ...jwalovitch
 
Social Media for B2B Small Business
Social Media for B2B Small BusinessSocial Media for B2B Small Business
Social Media for B2B Small BusinessInfusionsoft
 
8/28 數位教學檔案製作
8/28 數位教學檔案製作8/28 數位教學檔案製作
8/28 數位教學檔案製作Jin-yuh Huang
 
8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...
8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...
8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...T. Rajib Subudhi
 
Typography Inspiration from Movie Title Cards
Typography Inspiration from Movie Title CardsTypography Inspiration from Movie Title Cards
Typography Inspiration from Movie Title CardsQuality Logo Products
 

Viewers also liked (20)

Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?
Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?
Profilaxis de trombosis venosa profunda en cirugía meniscal:¿cunado y como?
 
Building trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certificationBuilding trust for cloud customers - the value of cif certification
Building trust for cloud customers - the value of cif certification
 
Social Media for Book Publishers and Authors
Social Media for Book Publishers and AuthorsSocial Media for Book Publishers and Authors
Social Media for Book Publishers and Authors
 
Historypin_DigiTools_Map_App
Historypin_DigiTools_Map_AppHistorypin_DigiTools_Map_App
Historypin_DigiTools_Map_App
 
Social Media for Awareness and Influence
Social Media for Awareness and InfluenceSocial Media for Awareness and Influence
Social Media for Awareness and Influence
 
1° básico b semana 16 al 20 de mayo
1° básico b semana 16 al 20 de mayo1° básico b semana 16 al 20 de mayo
1° básico b semana 16 al 20 de mayo
 
How to leverage paid social media advertising to achieve enrollment goals by ...
How to leverage paid social media advertising to achieve enrollment goals by ...How to leverage paid social media advertising to achieve enrollment goals by ...
How to leverage paid social media advertising to achieve enrollment goals by ...
 
Mafer cuadros (1)
Mafer cuadros (1)Mafer cuadros (1)
Mafer cuadros (1)
 
Social Media for B2B Small Business
Social Media for B2B Small BusinessSocial Media for B2B Small Business
Social Media for B2B Small Business
 
373
373373
373
 
8/28 數位教學檔案製作
8/28 數位教學檔案製作8/28 數位教學檔案製作
8/28 數位教學檔案製作
 
Recrutement 2.0
Recrutement 2.0Recrutement 2.0
Recrutement 2.0
 
8717385 d karotte_190g
8717385 d karotte_190g8717385 d karotte_190g
8717385 d karotte_190g
 
8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...
8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...
8b/10b Encoder Decoder design and Verification for PCI Express protocol usin...
 
Data & Energie
Data & EnergieData & Energie
Data & Energie
 
Social Media for B2B Companies - Updated, 2012
Social Media for B2B Companies - Updated, 2012Social Media for B2B Companies - Updated, 2012
Social Media for B2B Companies - Updated, 2012
 
L'elefante incatenato
L'elefante incatenatoL'elefante incatenato
L'elefante incatenato
 
8b5
8b58b5
8b5
 
Bubba's birthday 2013
Bubba's birthday 2013Bubba's birthday 2013
Bubba's birthday 2013
 
Typography Inspiration from Movie Title Cards
Typography Inspiration from Movie Title CardsTypography Inspiration from Movie Title Cards
Typography Inspiration from Movie Title Cards
 

Similar to Warning Ahead: SecurityStorms are Brewing in Your JavaScript

Html5 security
Html5 securityHtml5 security
Html5 securityKrishna T
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesBrad Hill
 
BsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security PlaygroundBsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security PlaygroundBSides Delhi
 
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...Divyanshu
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeJeremiah Grossman
 
Modern Web Application Defense
Modern Web Application DefenseModern Web Application Defense
Modern Web Application DefenseFrank Kim
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Jeremiah Grossman
 
www.webre24h.com - Ajax security
www.webre24h.com - Ajax securitywww.webre24h.com - Ajax security
www.webre24h.com - Ajax securitywebre24h
 
Browser Security 101
Browser Security 101 Browser Security 101
Browser Security 101 Stormpath
 
The Mobile Web - HTML5 on mobile devices
The Mobile Web - HTML5 on mobile devicesThe Mobile Web - HTML5 on mobile devices
The Mobile Web - HTML5 on mobile devicesWesley Hales
 
Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterMichael Coates
 
Using Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreUsing Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreJosh Sokol
 
Cross Site Scripting (XSS)
Cross Site Scripting (XSS)Cross Site Scripting (XSS)
Cross Site Scripting (XSS)OWASP Khartoum
 
Secure web messaging in HTML5
Secure web messaging in HTML5Secure web messaging in HTML5
Secure web messaging in HTML5Krishna T
 
Securing your web application through HTTP headers
Securing your web application through HTTP headersSecuring your web application through HTTP headers
Securing your web application through HTTP headersAndre N. Klingsheim
 

Similar to Warning Ahead: SecurityStorms are Brewing in Your JavaScript (20)

Html5 security
Html5 securityHtml5 security
Html5 security
 
Building Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 FeaturesBuilding Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 Features
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs too
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realities
 
BsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security PlaygroundBsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security Playground
 
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
 
Xss frame work
Xss frame workXss frame work
Xss frame work
 
Modern Web Application Defense
Modern Web Application DefenseModern Web Application Defense
Modern Web Application Defense
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008
 
www.webre24h.com - Ajax security
www.webre24h.com - Ajax securitywww.webre24h.com - Ajax security
www.webre24h.com - Ajax security
 
Browser Security 101
Browser Security 101 Browser Security 101
Browser Security 101
 
Attacking HTML5
Attacking HTML5Attacking HTML5
Attacking HTML5
 
The Mobile Web - HTML5 on mobile devices
The Mobile Web - HTML5 on mobile devicesThe Mobile Web - HTML5 on mobile devices
The Mobile Web - HTML5 on mobile devices
 
Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning Center
 
XSS Injection Vulnerabilities
XSS Injection VulnerabilitiesXSS Injection Vulnerabilities
XSS Injection Vulnerabilities
 
Using Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreUsing Proxies To Secure Applications And More
Using Proxies To Secure Applications And More
 
Cross Site Scripting (XSS)
Cross Site Scripting (XSS)Cross Site Scripting (XSS)
Cross Site Scripting (XSS)
 
Secure web messaging in HTML5
Secure web messaging in HTML5Secure web messaging in HTML5
Secure web messaging in HTML5
 
Securing your web application through HTTP headers
Securing your web application through HTTP headersSecuring your web application through HTTP headers
Securing your web application through HTTP headers
 

More from Cyber Security Alliance

Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Cyber Security Alliance
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksCyber Security Alliance
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsCyber Security Alliance
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacksCyber Security Alliance
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fCyber Security Alliance
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Cyber Security Alliance
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureCyber Security Alliance
 
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0Cyber Security Alliance
 

More from Cyber Security Alliance (20)

Bug Bounty @ Swisscom
Bug Bounty @ SwisscomBug Bounty @ Swisscom
Bug Bounty @ Swisscom
 
Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacks
 
Blockchain for Beginners
Blockchain for Beginners Blockchain for Beginners
Blockchain for Beginners
 
Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging apps
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacks
 
Rump : iOS patch diffing
Rump : iOS patch diffingRump : iOS patch diffing
Rump : iOS patch diffing
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
 
Rump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabriceRump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabrice
 
Operation emmental appsec
Operation emmental appsecOperation emmental appsec
Operation emmental appsec
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
 
Colt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinalColt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinal
 
Asfws2014 tproxy
Asfws2014 tproxyAsfws2014 tproxy
Asfws2014 tproxy
 
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Warning Ahead: SecurityStorms are Brewing in Your JavaScript

  • 1. Warning Ahead: Security Storms are Brewing in Your JavaScript
  • 2. About Me Helen Bravo Product Manager of Checkmarx Static Application Security Testing (AKA – Source Code Analysis)
  • 3. Agenda • Broken sandbox • Same old XSS becomes a monster • Watch out for your client side • “I know where you were last summer”
  • 4. HTML5 is booming Report released in August 2013 has shown that 153 of the Fortune 500 U.S. companies already implemented HTML5 on their corporate websites.
  • 5. Some of the additions in HTML5 • WEB storage • WEB SQL database • Indexed DB • Application cache • Web workers • Web socket • CORS • Web messaging • Sandbox attribute • New HTTP headers • Server sent events • New and better semantic tags • New form types • Audio and video tags • Canvas • Inline SVG • New onevent attributes • Geolocation • New CSS selectors • New javascipt selectors • Custom data - attributes
  • 7. SOP Same Origin Policy permits scripts running on pages originating from the same site based on combination of scheme, hostname, and port number
  • 8. Same Origin Policy http://www.cnn.com/main main page “Change background to green” http://www.cnn.com/story1 Iframe same origin
  • 9. Same Origin Policy http://www.cnn.com/main main page “Change background to green” http://www.fox.com Iframe different origin
  • 10. Markets • Recent trend - markets of extensions Salesforce.com, Microsoft 365, etc… • Extension is Javascript code written by a 3rd party but hosted and delivered from the very same server • So SOP doesn’t play well
  • 11. Sandbox concept Sandbox concept? Sandbox is a hardening of the basic SOP – so that any content running in the sandboxed iframe is treated as if it comes from a different origin, and it gives fine-grained control over what restrictions apply.
  • 12. Sandbox syntax • Syntax <iframe sandbox="value"> Valu•e Attribute Values Description "" Applies all restrictions below allow-same-origin Allows the iframe content to be treated as being from the same origin as the containing document allow-top-navigation Allows the iframe content to navigate (load) content from the containing document allow-forms Allows form submission allow-scripts Allows script execution
  • 13. http://www.server.com http://www.server.com/iframe main page <script> alert(1) </script> 1 Iframe / same origin
  • 14. http://www.server.com http://www.server.com/iframe main page <script> alert(1) </script> Sandboxed Iframe Default permissions Same Origin
  • 15. http://www.server.com http://www.server.com/iframe main page <script> alert(1) </script> 1 Sandboxed Iframe Allowing Scripts and SOP(Same Origin)
  • 16. http://www.server.com http://www.server.com/iframe main page <script> top.navigate(…) </script> Sandboxed Iframe Allowing Scripts and SOP(Same Origin)
  • 17. http://www.server.com http://www.server.com/iframe main page <script> top.find(myself) addPermission(myself, top_nav) Refresh() navigate(…) </script> Sandboxed Iframe Allowing Scripts and SOP(Same Origin) And Top Navigation
  • 18. http://www.hacker.server.com http://www.server.com/iframe main page <script> top.find(myself) addPermission(myself, top_nav) Refresh() Navigate(http://www.hacker.com) </script> Sandboxed Iframe Allowing Scripts and SOP(Same Origin) And Top Navigation
  • 19. Don’t just count on Sandbox! Don’t assume that just because an iFrame is sandboxed, your code is secure. What can you do? Avoid granting a sandboxed iFrame with scripting and SOP capabilities.
  • 20. How a single XSSed page can be used to take screenshots of other non-XSSed page ?
  • 21. <canvas> Is the HTML5 element , used to draw graphics, on the fly, via scripting (usually JavaScript).
  • 22. Monster XSS – Attack Steps • Step A – Use Bookstore project Login page vulnerable to Reflected XSS to embed itself in an iframe http://server/page.aspx?xss=<iframe src=“http://server/page.aspx”> Iframe border (left visible for demo purposes)
  • 23. Monster XSS – Attack steps • Step B – The user logs in and browses the inside frame. The outer page remains the same while it’s scripts can access the inner’s data Iframe border (left visible for demo purposes) The user went to the admin page, but the URL is still the XSS’ed login page
  • 24. Monster XSS – The result • The attacker gets set of pictures representing all user activity( yes, including user name and password!)
  • 25. Monster XSS – The technique • HTML5 introduced the concept of Canvas, which can be used to take screenshots What is Canvas? (w3schools) The HTML5 <canvas> element is used to draw graphics, on the fly, via scripting (usually JavaScript).
  • 26. Monster XSS – The technique • Html2canvas - open-source script which builds screenshots based on DOM information. • We modify it a bit – to reveal passwords
  • 27. Monster XSS – The technique Modified HTML2Canvas runs at the outer page and every 2 seconds takes screenshots of the iframe XSS that takes base64 screenshots
  • 28. Monster XSS – The technique
  • 29. Monster XSS – bottom line So, what can you do ? Get rid of XSS!!!
  • 31. Web Socket WebSocket – allows persistent connection between the client and the server , when both parties can start sending data at any time.
  • 33. New Tricks, Old Dog • XSS can be used as an agent to map the structure of a network behind a firewall • Super-charged XSS – Advanced port scanning (WebSockets) • http://www.andlabs.org/tools/jsrecon.html
  • 34. • Websocket – Fast and efficient network mapping process – Firewall bypass into organization
  • 36. Pacman - winning the odds • Client site business logic helps to gain efficiency. • Efficiency brings along security costs
  • 38. Pacman – recommendations • Don’t trust the client: validate user input • Do not ever store business logic on the client
  • 40. A Variant of Clickjacking How to trick victims into turning on their PC cameras without them even realizing?
  • 41. A Variant of Clickjaking Demo http://localhost/bookstore/k2.html
  • 42. A Variant of Clickjaking Against attacks focused on social engineering There is only one solution Awareness
  • 43. Summary • HTML5 brings enhancements to Web development • …which comes with some great enhancements to security vulnerabilities
  • 44. Thank you! Helen Bravo helen.bravo@checkmarx.com

Editor's Notes

  1. Since we have visibility to a lot of customers data, and a lot of problems in JavaScript. And I am here to share it with you.
  2. exacerbate
  3. Explain each attribute concept
  4. Additional reason for sand box invention
  5. Let’s take a look at the granularity and what types of activities sandbox enables. Let’s look at the values, what it allows us. Even if you know it well let’s review it for the quize you are going to have at the end.
  6. Fix animation Punchline: And with that we have defeded the whole concept of sandbox
  7. s