The Forbidden Image - Security Impact of SVG on the WWW - Mario Heiderich - Hack in Paris
Hack in Paris via YouTube
Overview
Explore the security implications of Scalable Vector Graphics (SVG) on the World Wide Web in this 23-minute conference talk from Hack in Paris. Delve into the powerful features of SVG, including its vector-based structure, XML format, and additional modules like animations and scripting APIs. Examine the potential risks associated with SVG implementation, learn about attacker abuse techniques, and discover methods for executing malicious code. Gain insights into the impact of HTML5 on SVG usage and understand the importance of SVG variants like SVG Tiny and inline SVG for security professionals. Witness examples of malicious SVGs and explore a novel filtering tool for sanitizing SVG images without compromising content integrity.
Syllabus
Intro
What is SVG
History of SVG
Basic SVG
SVG family
SVG features
Tiger
SVG in scripting
How to deploy SVG
Security boundaries
Taught by
Hack in Paris