Overview
Explore a critical security talk from BSidesSF 2018 that delves into the vulnerabilities of web applications to client-side injections and tampering. Learn about the risks posed by malicious extensions, Man-in-the-Browser trojans, and injection attacks like reflected XSS. Discover how these threats can alter webpage behavior and leak sensitive information without the knowledge of web application owners. Gain insights into innovative techniques for monitoring webpages for malicious modifications, including DOM-tampering, code injection, event-hijacking, and code poisoning. Understand the implementation of real-time removal methods using a combination of recent browser features such as Mutation Observers and integrity checks from tamper-resistant JavaScript code. This 38-minute presentation by Pedro Fortuna offers valuable knowledge for web developers and security professionals seeking to enhance their understanding of client-side web application security.
Syllabus
BSidesSF 2018 - Caught My WebApp Cheating on Me! (Pedro Fortuna)
Taught by
Security BSides San Francisco