Untangling the DOM for More Easy-Juicy Bugs
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a powerful approach to uncovering DOM-based vulnerabilities in modern web applications through this Black Hat conference talk. Delve into the challenges posed by JavaScript-heavy applications for penetration testers and scanners, and discover how dynamic analysis can reveal client-side attacks like DOM XSS, insecure WebSocket usage, and problematic global variables. Learn about Hookish!, an open-source Chrome extension that overrides DOM properties to expose critical security insights. Gain hands-on experience with Dom Flow, a feature allowing intuitive visualization of data flow between sources and sinks, enabling deeper understanding of application behavior and facilitating the discovery of hidden DOM-based bugs. Equip yourself with advanced techniques to conduct more effective penetration tests on complex web applications and stay ahead of evolving security challenges.
Syllabus
Dom Flow - Untangling The DOM For More Easy-Juicy Bugs
Taught by
Black Hat
Related Courses
Introduction to OWASP Top 10 Security RisksA Cloud Guru AWS SimuLearn: Cyber Security Threats
Amazon Web Services via AWS Skill Builder AWS SimuLearn: Edge Protection
Amazon Web Services via AWS Skill Builder Cloud Security Scanner: Qwik Start
Google via Google Cloud Skills Boost OWASP Top 10: Broken Access Control
Codecademy