YoVDO

Attacking Modern Web Technologies

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Web Development Courses Cybersecurity Courses Amazon Web Services (AWS) Courses Ethical Hacking Courses Google Cloud Platform (GCP) Courses Slack Courses

Course Description

Overview

Dive into a comprehensive exploration of modern web technology vulnerabilities with top-ranked white-hat hacker Frans Rosén in this 43-minute conference talk from OWASP AppSec EU 2018. Discover methodologies for accessing private Slack tokens through postMessage and WebSocket-reconnect techniques, and learn how misconfigured AWS and Google Cloud settings can lead to full asset control by attackers. Gain insights into new hacks, bug bounty experiences, and eye-opening revelations about the true security of seemingly safe protocols and policies. Topics covered include AppCache, Dropbox upload policies, postmessage vulnerabilities, document service exploits, clientside race conditions, jQuery security issues, and more. Conclude with a Q&A session to deepen your understanding of cutting-edge web security challenges.

Syllabus

Introduction
Attacking Modern Web Technologies
About Frans Rosen
Outline of the talk
AppCache
Dropbox
Upload Policies
Custom Policies
Postmessage
Document Service
Clientside Race Conditions
Example
Speed Bumps
jQuery
What could I add to it
One more thing
Questions


Taught by

OWASP Foundation

Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube