Explore a powerful approach to uncovering DOM-based vulnerabilities in modern web applications through this Black Hat conference talk. Delve into the challenges posed by JavaScript-heavy applications for penetration testers and scanners, and discover how dynamic analysis can reveal client-side attacks like DOM XSS, insecure WebSocket usage, and problematic global variables. Learn about Hookish!, an open-source Chrome extension that overrides DOM properties to expose critical security insights. Gain hands-on experience with Dom Flow, a feature allowing intuitive visualization of data flow between sources and sinks, enabling deeper understanding of application behavior and facilitating the discovery of hidden DOM-based bugs. Equip yourself with advanced techniques to conduct more effective penetration tests on complex web applications and stay ahead of evolving security challenges.
Overview
Syllabus
Dom Flow - Untangling The DOM For More Easy-Juicy Bugs
Taught by
Black Hat
Related Courses
-
Complete Website Ethical Hacking and Penetration Testing
-
JS Security - A Pentester's Perspective
-
Eval Villain - Simplifying DOM XSS and JS Reversing
-
Ethical Hacking & Penetration Testing with Metasploit
-
Client-Side Protection Against DOM-Based XSS Done Right
-
ToStaticHTML for Everyone - About DOMPurify
