The Insecurity Caused by Trusting Your Client-Side Storage
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the security risks associated with client-side storage in this 41-minute conference talk from the OWASP Foundation. Delve into the vulnerabilities of cookies and web storage, understanding the potential for exploitation in web applications. Learn about tainted chromium, exploit patterns, and attack vectors through practical demonstrations. Examine the credibility of IndexDB and the dangers of exploitable data in JSON objects. Discover the concept of cold cashing and its implications. Gain insights into effective solutions, including the importance of host names in securing client-side storage. Conclude with a comprehensive understanding of the insecurities caused by trusting client-side storage and strategies to mitigate these risks.
Syllabus
Intro
Cookies
Web Storage
What we are doing
The tainted chromium
Exploiting web applications
Exploit patterns
Attack vectors
Demo
IndexDB Credibility
Exploitable Data
JSON Objects
Cold Cashing
Solutions
Host Names
Conclusion
Taught by
OWASP Foundation
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network