Explore a critical security talk from BSidesSF 2018 that delves into the vulnerabilities of web applications to client-side injections and tampering. Learn about the risks posed by malicious extensions, Man-in-the-Browser trojans, and injection attacks like reflected XSS. Discover how these threats can alter webpage behavior and leak sensitive information without the knowledge of web application owners. Gain insights into innovative techniques for monitoring webpages for malicious modifications, including DOM-tampering, code injection, event-hijacking, and code poisoning. Understand the implementation of real-time removal methods using a combination of recent browser features such as Mutation Observers and integrity checks from tamper-resistant JavaScript code. This 38-minute presentation by Pedro Fortuna offers valuable knowledge for web developers and security professionals seeking to enhance their understanding of client-side web application security.
Overview
Syllabus
BSidesSF 2018 - Caught My WebApp Cheating on Me! (Pedro Fortuna)
Taught by
Security BSides San Francisco
Related Courses
-
Achieving the Web Isolation Nirvana - How Far Along Are We?
-
Edgeguard: Client-side DOM Security Framework for Detecting Malicious Content - APPSEC Cali 2018
-
Complete Web Application Hacking & Penetration Testing
-
JavaScript - The Evil Parts
-
Learn Ethical Hacking From Scratch 2024
5.0 -
Cache Me If You Can - Messing with Web Caching
