Completed
Intro
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Browser choices
- 3 The Same-Origin Policy
- 4 XSS - the underlying problem
- 5 XSS - what an attacker can do
- 6 Types of XSS
- 7 Isn't XSS so 2010?
- 8 Passwords on the Web
- 9 Solution: A Password Manager
- 10 Password Managers and XSS
- 11 Security Considerations
- 12 Five key features of PW Managers
- 13 HTML5 autocomplete
- 14 Our notion vs. Google's notion
- 15 What are login forms like out there?
- 16 Analysis of Web password fields
- 17 Similar attacker model
- 18 Comparing the attacks
- 19 Bottom line
- 20 Mismatch in notion/implementations
- 21 Our proposed solution
- 22 Constraints for this approach
- 23 PoC Implementation
- 24 Functional evaluation
- 25 What to take away!