YoVDO

Untangling the DOM for More Easy-Juicy Bugs

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Data Visualization Courses, Javascript Courses, Penetration Testing Courses, Web Application Security Courses, DOM (Document Object Model) Courses

Course Description

Overview

Explore a powerful approach to uncovering DOM-based vulnerabilities in modern web applications through this Black Hat conference talk. Delve into the challenges posed by JavaScript-heavy applications for penetration testers and scanners, and discover how dynamic analysis can reveal client-side attacks like DOM XSS, insecure WebSocket usage, and problematic global variables. Learn about Hookish!, an open-source Chrome extension that overrides DOM properties to expose critical security insights. Gain hands-on experience with Dom Flow, a feature allowing intuitive visualization of data flow between sources and sinks, enabling deeper understanding of application behavior and facilitating the discovery of hidden DOM-based bugs. Equip yourself with advanced techniques to conduct more effective penetration tests on complex web applications and stay ahead of evolving security challenges.

Syllabus

Dom Flow - Untangling The DOM For More Easy-Juicy Bugs


Taught by

Black Hat

Related Courses

Introduction to OWASP Top 10 Security Risks (A Cloud Guru)
AWS SimuLearn: Cyber Security Threats (Amazon Web Services via AWS Skill Builder)
AWS SimuLearn: Edge Protection (Amazon Web Services via AWS Skill Builder)
Cloud Security Scanner: Qwik Start (Google via Google Cloud Skills Boost)
OWASP Top 10: Broken Access Control (Codecademy)