YoVDO

The Insecurity Caused by Trusting Your Client-Side Storage

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Web Application Security Courses Cookies Courses

Course Description

Overview

Explore the security risks associated with client-side storage in this 41-minute conference talk from the OWASP Foundation. Delve into the vulnerabilities of cookies and web storage, understanding the potential for exploitation in web applications. Learn about tainted chromium, exploit patterns, and attack vectors through practical demonstrations. Examine the credibility of IndexDB and the dangers of exploitable data in JSON objects. Discover the concept of cold cashing and its implications. Gain insights into effective solutions, including the importance of host names in securing client-side storage. Conclude with a comprehensive understanding of the insecurities caused by trusting client-side storage and strategies to mitigate these risks.

Syllabus

Intro
Cookies
Web Storage
What we are doing
The tainted chromium
Exploiting web applications
Exploit patterns
Attack vectors
Demo
IndexDB Credibility
Exploitable Data
JSON Objects
Cold Cashing
Solutions
Host Names
Conclusion


Taught by

OWASP Foundation

Related Courses

Authentication & Authorization: OAuth
Udacity Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera Web Application Development: Security
University of New Mexico via Coursera Hacking and Patching
University of Colorado System via Coursera Fundamentals of Computer Network Security
University of Colorado System via Coursera