YoVDO

SVG - Exploiting Browsers without Image Parsing Bugs

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Computer Science Courses Web Development Courses Javascript Courses XML Courses Browser Exploitation Courses

Course Description

Overview

Explore the security implications of SVG in web browsers through this 24-minute Black Hat conference talk. Delve into the lesser-known aspects of SVG, including its ability to contain JavaScript and import external scripts and stylesheets. Understand why treating SVG like a simple image format such as JPEG can lead to significant security vulnerabilities. Learn how SVG's XML-based format for vector graphics, combined with its support for CSS styling and JavaScript manipulation, necessitates treating it with the same security considerations as HTML. Gain insights from speaker Rennie deGraaf on the potential risks and exploits associated with SVG in modern web browsers, and discover why proper security measures are crucial when handling this versatile but potentially dangerous file format.

Syllabus

SVG: Exploiting Browsers without Image Parsing Bugs


Taught by

Black Hat

Related Courses

Offensive Javascript Techniques for Red Teamers
Security BSides San Francisco via YouTube Browser Exploitation - Max Zinkus
White Hat Cal Poly via YouTube Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube This is for the Pwners - Exploiting a WebKit 0-day in PlayStation 4
Black Hat via YouTube Dark Fairytales from a Phisherman Vol II
44CON Information Security Conference via YouTube