This document discusses how to profit from UI-redressing (changing the user interface in a browser). It describes server-side mitigations like X-Frame-Options headers. It recommends targeting CSRF-protected actions and pages with tokens. Various CSS techniques and exploitation methods are outlined, like simple clickjacking and fake captchas. The conclusion encourages profiting from bug bounties by imagining new attack techniques on sites without adequate protections.
This document provides an introduction to bug bounty programs. It defines what a bug bounty program is, provides a brief history of major programs, and discusses reasons they are beneficial for both security researchers and companies. Key points covered include popular programs like Google and Facebook, tools used in bug hunting like Burp Suite, and lessons for researchers such as writing quality reports and following each program's rules.
This document provides information for a bug bounty presentation. It introduces the speaker, Sagar Parmar, and his background in security. It then outlines topics to cover, including what a bug bounty is, how to get started as a new bug bounty hunter, tips for progressing, and example vulnerabilities to target like XSS, SQLi, SSRF, LFI, and RCE. Details are given on finding and reporting vulnerabilities with the goal of helping others learn and advance in bug bounty hunting.
The document discusses the goals and design of the IE8 XSS filter, which aims to block cross-site scripting attacks. It outlines scenarios that are protected, such as injections into HTML tags and JavaScript strings. It then describes several ways to potentially bypass the filter, such as using fragmented injections across multiple parameters, HTML-only injections, and same-site navigation checks. The document provides technical details on the filter's heuristics and how certain encoding tricks may allow escaping its rules.
Ciarán McNally is an experienced security researcher who participates in bug bounty programs. He outlines advantages of bug bounties for both security researchers and organizations. He provides tips for getting started, including focusing on newer or larger programs initially. Ciarán also describes techniques he uses for effective information gathering and vulnerability scanning at scale for bug bounty programs, such as leveraging IP address ranges and public scan data. He stresses following responsible disclosure guidelines and focusing on high quality issues.
This document discusses bug bounty programs (BBPs), which reward security researchers for responsibly disclosing software vulnerabilities. It introduces BBPs, noting they save companies money while improving security. Major companies like Google and Facebook run BBPs. The document outlines prerequisites for BBPs like learning security testing techniques. It provides tips for finding vulnerabilities like understanding a site's scope, tools, and avoiding duplicate reports. Common vulnerability types in BBPs include injection flaws and insecure data storage.
Automatically detecting client side JavaScript vulnerabilities using IBM Rational AppScan and JavaScript Security Analyzer (hybrid analysis)
Presentation from Zero Nights 2017 - https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/.
Above are my slides I used during a workshop I conducted at the Moroccan Cyber Security Camp back in May 2017.
The document discusses different types of cross-site scripting (XSS) vulnerabilities and how to detect and exploit them. It outlines the main places where output can be injected, including directly into HTML, JavaScript blocks, attributes, comments, and Flash. It then provides examples and demonstrations of exploiting XSS in each of these contexts, such as by injecting JavaScript alerts. The document concludes by noting challenges in exploiting XSS and the importance of testing payloads with and without encoding.
It's time to deprecate JavaScript. Its security model and the language itself are appalling. As data moves into the cloud, the JavaScript threat is increasing, and I believe the only way to fix this is to start all over again. The 14-year-old language and security model aren't up to today's threats.
CSRF: Yeah, It Still Works, the DEFCON 17 presentation discussing and exemplifying CSRF vulnerabilities in a variety of platforms and applications.
In this presentation I'm trying to describe the "Top 10 Vulnerabilities in Web Application" according to OWASP (Open Web Application Security Project):
-- The top 10 security mistakes that developers make
-- How to design software with an assurance of security