Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Forbidden Image - Security Impact of SVG on the WWW

Hack in Paris via YouTube

Overview

Explore the security implications of Scalable Vector Graphics (SVG) on the World Wide Web in this comprehensive conference talk. Delve into the powerful features of SVG, including its vector-based structure, XML format, and additional modules like animations and scripting APIs. Examine the potential risks associated with SVG implementation, such as script code execution and cross-domain content inclusion. Learn about various SVG-related concepts, including SVG Tiny, inline SVG, and SVGz, and their relevance to security professionals. Discover examples of malicious SVGs and gain insights into a novel filtering tool for sanitizing SVG images without compromising content integrity. Understand the impact of HTML5 on SVG usage and the security considerations for web developers and browser vendors when working with this versatile image format.

Syllabus

Intro
SVG
SVG history
SVG example
SVG family
SVG features
Tiger
Examples
Deployment methods
Security boundaries
JavaScript execution
Attack pattern
Inline SVG
Abuse scoping
History of SVG flaws
Perfect SVG chameleon
Oprah
Testing
Firefox

Taught by

Hack in Paris

Reviews

Start your review of The Forbidden Image - Security Impact of SVG on the WWW

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.