OWASP AppSec DC 2012/DOMJacking Attack Exploit and Defense

Revision as of 18:52, 11 March 2012 by Mark.bristow (Talk | contribs)

Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Browsers architecture and usage are ever changing in todays world. Browser cannot be considered a thin client in this new era, it is very much a thick client and capable of loading very interesting applications. Ajax, RIA (Adobe), Silverlight and HTML5 are key ingredients of next generation applications. Document Object Model (DOM) is the most critical component of the browser; it allows various different technologies to glue at a single point. DOM is emerging as a potential battlefield for future application and can be considered as an interesting entry point. DOM can be attacked and exploited if it is implemented poorly across client side application. DOMJacking is an interesting vector and allows exploitation of various different interesting tags like object. Object tag holds application components like flash, Silverlight, applet etc. It is possible to hijack DOM and create various abuse cases and scenario. In this talk we are going to cover attack vectors encompassing DOM which can lead to exploitation of Browser components like HTML5, RIA and Silverlight. We will be covering various interesting concepts, threat vectors and innovative defense mechanism along with real life cases and demos.

The Speakers

Shreeraj Shah


Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg