Securing Webviews and The Story Behind CVE-2021-21136

Hack In The Box Security Conference via YouTube

Overview

Explore the intricacies of securing Webviews and uncover the story behind CVE-2021-21136 in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into common Webview-related security issues, including insecure Deeplink implementation, insufficient URL validation, and lack of Webview isolation. Learn prevention techniques to enhance mobile application security and robustness. Discover the journey behind identifying and reporting Chromium CVE-2021-21136, which exposed sensitive data leakage in Android Webviews. Gain insights from security experts Imdadullah Mohammed and Shiv Sahni as they share their extensive experience in application security, penetration testing, and secure code reviews. Examine detailed code snippets, demonstrations, and real-world examples to understand the complexities of Webview security and its impact on mobile application development.

Syllabus

Introduction
Shiv Sahni
Imdadullah Mohammed
Agenda
What is a CVE
Webviews
Load URL API
Deep Links
Conclusion
Mobile Application Workflow
Bug Explanation
Initial Observations
Timeline
Demo
Role of Plan
Common Webview Issues
Use Case
Code snippet
Insufficient URL validation
Issue with GetHost
Impact
Unintended Data Leakage
Sharing Sensitive Data
Lack of Isolation
Learnings and Recommendations
Secure URL Validation
Webview Implementation
Android Webview Implementation
iOS Webview Implementation
iOS Webview Settings
Learnings
References
Live Slide

Taught by

Hack In The Box Security Conference
