Exploiting CSP in WebKit to Break Authentication and Authorization
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical vulnerability in WebKit that affects Safari and all iOS browsers, including Firefox and Chrome. Delve into how this flaw, combined with a browser security feature, can be exploited to leak cross-site information, compromising authentication and authorization technologies like Single Sign-On and OAuth. Learn how this vulnerability potentially grants unauthorized access to user accounts across various web applications. Gain insights from security researchers Prakash Sharma and Sachin Thakuri as they present their findings in this 28-minute Black Hat conference talk, highlighting the importance of robust browser security implementations and the far-reaching consequences of seemingly minor flaws.
Syllabus
Exploiting CSP in WebKit to Break Authentication and Authorization
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube