File:20160607-xssi-the tale of a fameless but widepsread vulnerability-Veit Hailperin.pdf

From OWASP
Jump to: navigation, search

"XSSI - The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally there is no publicly available tool to facilitate finding XSSI. The impact reaches from leaking personal information stored, circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly wide spread and the lack of detection increases the risk of each XSSI. In this talk I am going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI exploitation.

File history

Click on a date/time to view the file as it appeared at that time.

Date/TimeDimensionsUserComment
current01:30, 29 June 2016 (2.01 MB)Schattenbaum (talk | contribs)"XSSI - The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion...
  • You cannot overwrite this file.

There are no pages that link to this file.