Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers

Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers

Black Hat via YouTube Direct link

What are login forms like out there?

15 of 25

15 of 25

What are login forms like out there?

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Browser choices
  3. 3 The Same-Origin Policy
  4. 4 XSS - the underlying problem
  5. 5 XSS - what an attacker can do
  6. 6 Types of XSS
  7. 7 Isn't XSS so 2010?
  8. 8 Passwords on the Web
  9. 9 Solution: A Password Manager
  10. 10 Password Managers and XSS
  11. 11 Security Considerations
  12. 12 Five key features of PW Managers
  13. 13 HTML5 autocomplete
  14. 14 Our notion vs. Google's notion
  15. 15 What are login forms like out there?
  16. 16 Analysis of Web password fields
  17. 17 Similar attacker model
  18. 18 Comparing the attacks
  19. 19 Bottom line
  20. 20 Mismatch in notion/implementations
  21. 21 Our proposed solution
  22. 22 Constraints for this approach
  23. 23 PoC Implementation
  24. 24 Functional evaluation
  25. 25 What to take away!

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.