Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Attacking Modern Web Technologies

NDC Conferences via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore modern web technology vulnerabilities and hacking techniques in this 55-minute conference talk by top-ranked white-hat hacker Frans Rosén. Discover how to access private Slack tokens using postMessage and WebSocket-reconnect, and learn about vulnerable configurations in AWS and Google Cloud that can lead to full asset control. Gain insights into new hacks, bug bounty stories, and eye-opening revelations about the security of protocols and policies you thought were safe. Dive into topics such as the Werkzeug Debugger, Patreon vulnerabilities, cookie stuffing, browser bugs, AppCache demos, Service Workers, AWS S3 upload policies, and Slack's postMessage function. Walk away with a deeper understanding of web security challenges and the importance of robust protection measures in today's digital landscape.

Syllabus

Intro
Frans Rosén
How did I get here?
Rundown
Werkzeug Debugger
Patreon
Cookie Stuffing
Bug in EVERY BROWSER
Surprise - Specification was vague
AppCache DEMO
Service Workers - AppCache's bigger brother
Upload Policies AWS S3
Pitfalls AWS S3
AWS STS • Generates temporary credentials client side
Your own policy-logic - The worst
Full read access to every object
Slack's postMessage
Slack's call function
Rabbit hole
reconnect!
Walkthrough

Taught by

NDC Conferences

Reviews

Start your review of Attacking Modern Web Technologies

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.