New Ways I'm Going to Hack Your Web App
- Type
- Slides
- Tags
- cookie, vulnerability, web application, XSS
- Authors
- Jesse Ou, Rich Lundeen
- Event
- Black Hat Abu Dhabi 2011
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-ad-11/Lundeen/bh-ad-11-Lundeen-New_Ways_Hack_WebApp-Slides.pdf
- File name
- bh-ad-11-Lundeen-New_Ways_Hack_WebApp-Slides.pdf
- File size
- 7.8 MB
- MD5
- 8566a0cd80dd3a3ba27326f16674cf9b
- SHA1
- 60a110c6dacdc962c389499a7fcbfb3257149c8a
Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most the time writing code that works isn't even the hard part, it's keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90's RFCs and 2010's HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let's never talk about that again. Ever. Take Facebook, Office 365, MSN, and Wordpress. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we'll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
