Client-side JavaScript Vulnerabilities

分散型のスキャナーの構築は挑戦のし甲斐があり、実在のブラウザを使って作る場合はなおさらである。 今回紹介するスキャナーでは、ChromiumにJSのライブラリやそのバージョンを得るためのJavaScriptを注入することで、スキャンしたサイトのすべてのHTMLとJavaScript、独自アーキテクチャを必要とするセキュリティヘッダを保存できる。 このスキャナーでトップの100万サイトに対してスキャンを行い、現在のWeb上の状況を調べることが可能となるスケーラブルなシステムを設計する際に克服した課題についてカバーした。 本講演では、データ分析で得られた興味深い点にも触れるつもりである。 --- アイザック・ドーソンIsaac Dawson アイザック・ドーソンは、Veracode社の主要なセキュリティ研究者の一人で、彼の率いる同社の研究開発チームは、Veracode社の動��解析の提供に努めている。 Veracode社の前は@stake社とSymantec社でコンサルタントをしていた。 2004年にアプリケーションセキュリティのコンサルティングチーム発足させるため、日本へやってきた。 Veracode社での勤務が始まった後、彼の中で日本があまりにも快適であることがはっきりしたので、それ以降、滞在し続けることを決めたのだった。 Go言語の熱心なプログラマーであり、分散システムに関心があり、特にWebのスキャニングに強い関心をもっている。

This is a bug bounty hunter presentation given at Nullcon 2016 by Bugcrowd's Faraz Khan. Learn more about Bugcrowd here: https://bugcrowd.com/join-the-crowd

Electron is a framework to create the desktop application on Windows,OS X, Linux easily, and it has been used to develop the popular applications such as Atom Editor, Visual Studio Code, and Slack. Although Electron includes Chromium and node.js and allow the web application developers to be able to develop the desktop application with accustomed methods, it contains a lot of security problems such as it allows arbitrary code execution if even one DOM-based XSS exist in the application. In fact, a lot of vulnerabilities which is able to load arbitrary code in applications made with Electron have been detected and reported. In this talk, I focus on organize and understand the security problems which tend to occur on development using Electron. --- Yosuke Hasegawa Secure Sky Technology Inc, Technical Adviser. Known for finding numerous vulnerablities in Internet Explorer、Mozilla Firefox and other web applications.He has also presented at Black Hat Japan 2008, South Korea POC 2008, 2010 and others. OWASP Kansai Chapter Leader, OWASP Japan Board member.

XSS (cross-site scripting) is a common web vulnerability that allows attackers to inject client-side scripts. The document discusses various types of XSS attacks and defenses against them. It covers: 1) Reflected/transient XSS occurs when untrusted data in URL parameters is immediately displayed without sanitization. Stored/persistent XSS occurs when untrusted data is stored and later displayed. DOM-based XSS manipulates the DOM. 2) Defenses include HTML/URL encoding untrusted data before displaying it, validating all inputs, and using context-specific encoding for HTML elements, attributes, JavaScript, and URLs. 3) The OWASP Java Encoder Project and Microsoft Anti

The document is a presentation about web application security fundamentals and attacks. It discusses topics like cross-site scripting (XSS), cross-site request forgery (CSRF), UTF-7 encoding, and other techniques like JSON parsing (JSONP). In the past, security tutorials focused on not trusting user input, avoiding SQL injection, and preventing JavaScript injection, but the presenter aims to discuss more modern attacks.

* Django is a Web Application Framework, written in Python * Allows rapid, secure and agile web development. * Write better web applications in less time & effort.

JavaScript is the most widely used language cross platforms. This talk will analyze the security concerns from past to present with a peek to the future of this important language. This talk was presented as Keynote at CyberCamp Espana 2014.

DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. Certain vulnerabilities in JavaScript code cannot be tracked by standard IDS or perimeter security measures, which leads to a huge potential vulnerability, the code can be abused to steal data or bypass authentication mechanisms in web interfaces. This presentation will demonstrate vulnerabilities and also present Minded Security’s latest countermeasure DOMinatorPro.

Various techniques of TLS Redirection / Virtual Host Confusion attacks https://github.com/GrrrDog/TLS-Redirection

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.

This document provides information about the Google Chrome web browser, including its version number, what it is, why it should be used, how it compares to other browsers, and summaries of vulnerabilities found in it and other browsers like Firefox. It describes things like Chrome being open source, lightweight, having integrated Google search, and being fast. It also outlines exploits like remote code execution via malicious URLs or automatic file downloads without prompts.

This document discusses how to profit from UI-redressing (changing the user interface in a browser). It describes server-side mitigations like X-Frame-Options headers. It recommends targeting CSRF-protected actions and pages with tokens. Various CSS techniques and exploitation methods are outlined, like simple clickjacking and fake captchas. The conclusion encourages profiting from bug bounties by imagining new attack techniques on sites without adequate protections.

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature.

Slides for "HTML5 Security Realities" talk at W3Conf: Practical Standards for Web Professionals 2013. Brad Hill - PayPal @hillbrad

http://www.powerofcommunity.net/pastcon_2008.html & http://xcon.xfocus.org/XCon2008/index.html The Same Origin Policy is the most talked about security policy which relates to web applications, it is the constraint within browsers that ideally stops active content from different origins arbitrarily communicating with each other. This policy has given rise to the class of bugs known as Cross-Site Scripting (XSS) vulnerabilities, though a more accurate term is usually JavaScript injection, where the ability to force an application to echo crafted data gives an attacker the ability to execute JavaScript within the context of the vulnerable origin. This talk takes the view that the biggest weakness with the Same Origin Policy is that it must be implemented by every component of the browser independently, and if any component implements it differently to other components then the security posture of the browser is altered. As such this talk will examine how the 'Same Origin Policy' is implemented in different circumstances, especially in active content, and where the Same Origin Policy is not really enforced at all.

This document summarizes three security vulnerabilities that can exist in Flash applications: 1. Same-origin policy bypass through loader contexts and cross-domain policies 2. Phishing through manipulation of SWF URLs in metadata 3. Cross-site scripting through user-supplied parameters if the SWF is loaded from a public CDN domain that is shared by other sites.

How a new HTTP response header can help increase the depth of your web application defenses. Also includes a few slides on HTTP Strict Transport Security, a header which helps protects HTTPS sites from sslstrip attacks.

Als JavaScript als Sprache designed wurde stand einfache Objektorientierung, Flexibilität und Mächtigkeit im Vordergrund - der Scope war allerdings, mit der Bearbeitung von HTML-Formularen im Browser, eher beschränkt. Heute gibt es Codebasen mit mehreren Millionen Zeilen Code in JavaScript, und praktisch jedes Problem einer Enterprise-Applikation kann mit JavaScript gelöst werden. Der Talk zeigt welche Wirkung Sprachdesign und Engine von JavaScript auf die Anwendungsfelder von heute hat, welche eigenen Fehlerklassen dadurch entstehen und wie man sie in der praktischen Arbeit umgeht.