Explore the security implications of Scalable Vector Graphics (SVG) on the World Wide Web in this 23-minute conference talk from Hack in Paris. Delve into the powerful features of SVG, including its vector-based structure, XML format, and additional modules like animations and scripting APIs. Examine the potential risks associated with SVG implementation, learn about attacker abuse techniques, and discover methods for executing malicious code. Gain insights into the impact of HTML5 on SVG usage and understand the importance of SVG variants like SVG Tiny and in-line SVG for security professionals. Witness examples of malicious SVGs and explore a novel filtering tool for sanitizing SVG images without compromising content integrity.
The Forbidden Image - Security Impact of SVG on the WWW - Mario Heiderich - Hack in Paris
Hack in Paris via YouTube
Overview
Syllabus
Intro
What is SVG
History of SVG
Basic SVG
SVG family
SVG features
Tiger
SVG in scripting
How to deploy SVG
Security boundaries
Taught by
Hack in Paris
Related Courses
-
The Forbidden Image - Security Impact of SVG on the WWW
-
SVG - Exploiting Browsers without Image Parsing Bugs
-
Measuring Risk with Time Based Security - Winn Schwartau - Hack in Paris
-
Agnition - The Security Code Review Swiss Army Knife - David Rook - Hack in Paris
-
Proactive Network Security Through Vulnerability Management - Gary Miliefsky - Hack in Paris
-
From Printed Circuit Boards to Exploits: Pwning IoT Devices Like a Boss - Damien Cauquil - Hack in Paris - 2018
