Protection From Next Generation Web Attacks is Going to Take More Than Just SSL
With browsers escalating their feature set to accommodate new specifications like HTML 5, XHR Level 2 and DOM Level 3, browsers now form the backbone of next generation applications running on mobiles, tablets and desktops. The blend of DOM (Remote execution stack), XHR L2 (Sockets for injection) and HTML5 (Exploit delivery platform) together with the exposure of server side APIs, makes for easy access to a victims cookie jar. Additionally, with new features like audio/video tags, drag/drop APIs, CSS-Opacity, local storage, web workers and DOM selectors, the attack surface has increased significantly. Shreeraj Shah will explore all this and much more during his talk on Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2). In addition, details on how to detect and identify these types of vulnerabilities in order to protect next generation web applications will also be discussed.
Clickjacking attacks have been widely adopted by attackers as means to steal credentials or to perform drive-by download attacks. New UI redressing attacks have also shown that the the possibility to steal contents from a web session is very real. In CookieJacking, Rosario Valotta, will demonstrate a new attack vector that can be used to exploit a 0-day vulnerability currently affecting all Internet Explorer versions. The attack leverages a UI redressing approach and allows an attacker to steal session cookies from any site a victim is visiting.
In addition to these presentations on web and browser vulnerabilities, Ivan Ristic will give attendees an insight into the world of Secure Socket Layers – that little ‘lock’ in your browser window that secures everything from your e-mails to your online banking sessions. in his presentation A Real-Life Study of What Really Breaks SSL, Ristic will examine the problems of insecure session cookies, mixed content types, incorrect site configurations and distribution of trust to third-party sites. Ivan has also built a custom site crawler, which is currently being run against the world’s 1 million+ most high traffic sites and details of this study will also be discussed.
For further event details please see http://conference.hitb.nl/hitbsecconf2011ams/
HITBSecConf is run as a community-backed not-for-profit effort endorsed by the Malaysian Communications and Multimedia Commission (MCMC), Malaysian National Computer Confederation (MNCC), Multimedia Development Corporation (MDeC), MSC Malaysia and the Malaysian International Chamber of Commerce and Industry (MICCI).
Hack In The Box
Suite 26.3, Level 26, Menara IMC
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur, Malaysia
This release was published on openPR.
Permanent link to this press release:
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.
You can edit or delete your press release Protection From Next Generation Web Attacks is Going to Take More Than Just SSL here
News-ID: 167836 • Views: 2507
More Releases from HITB
HITBSecConf2012 - Amsterdam brings new hackathon, Capture The Flag and keynotes …
Amsterdam, The Netherlands, 1 February 2012 – Hack In The Box Security Conference is back again in Amsterdam this year for the European leg of its annual circuit. From the 21st to the 25th of May, this deep knowledge security conference will once again bring together a unique mix of security professionals, independent researchers, government and law enforcement officials and members of the hacker underground. This year’s event
Credit Card Skimming and Pin Harvesting in an EMV World
Utrecht, The Netherlands, 26 April 2011 – On the 17th till the 20th of May, the Grand Krasnapolsky in Amsterdam will be home to the second annual Hack In The Box deep knowledge security conference, HITB2011AMS. In addition to bringing together a unique mix of security professionals, researchers, law enforcement and members of the hacker underground, this year’s conference also includes a new presentation on EMV security issues. A joint
OpenLeaks Exclusive and Closing Keynote by Richard Thieme Await HITB2011AMS Atte …
Utrecht, The Netherlands, 13 April 2011 – On the 17th till the 20th of May the Grand Krasnapolsky in Amsterdam will be home to the second annual Hack In The Box deep knowledge security conference, HITB2011AMS. Bringing together a unique mix of security professionals, researchers, law enforcement and members of the hacker underground, this years event will not only cover the next generation of attack and defence methods but attendees
Pwned by Phone – Vulnerabilities in Apple’s iPhone and Next Generation Mobil …
Utrecht, The Netherlands, 30 March 2011 – On the 17th till the 20th of May the Grand Krasnapolsky in Amsterdam will be home to the second annual Hack In The Back deep knowledge security conference, HITB2011AMS. Bringing together a unique mix of security professionals, researchers, law enforcement and members of the hacker underground, this years conference has an agenda packed with iPhone and iOS security goodies plus a very special
More Releases for Amsterdam
Pracedo Opens New Salesforce Consultancy In Amsterdam
Leading Salesforce consultancy, Pracedo, strengthened its Benelux presence with a new office in Amsterdam to support its customers. Pracedo, a Mashfrog Group Company, has opened a new office in Amsterdam. The new office will help Pracedo expand its presence and provide award-winning Salesforce consulting across the Benelux countries. Extending its global footprint, Pracedo’s new office is a part of its continued expansion into EMEA and APAC markets. This location will enable Pracedo
Fairmas expands with company representation in Amsterdam
Ellen Huerst represents Berlin-based hotel software developer Fairmas in Benelux April 27, 2018: Ellen Huerst, co-founder of PowerYourRoom, takes over the representation of Fairmas GmbH in the Benelux region with immediate effect. With this, Fairmas GmbH is taking another important step in the direction of expansion with the aim to further increase its international presence in the highly specialized niche market of the hotel industry. Since its foundation in Berlin in
ColossusCloud announces its new Amsterdam location
ColossusCloud, a leading provider of Linux and Windows virtual servers, announces that its platform is now available in the city of Amsterdam, Netherlands. "It is our entry into the rapidly expanding European market. We've positioned ColossusCloud right next to one of Europe's leading Internet traffic exchanges in order to provide the highest in network performance. Along that, our Amsterdam location is fully SSD powered, along with Xeon E5 servers and full
Innovative Technology celebrate 20th anniversary in Amsterdam
Staff from Oldham based, bank note validator manufacturer Innovative Technology Ltd (ITL) were in Amsterdam earlier this month celebrating the company’s 20th anniversary. Staff from ITL’s European offices (the UK, Germany and Spain) met for a celebratory weekend to mark the company’s 20 ‘Years of Innovation’. Marketing Executive, Dayna Patterson from the UK office said “Everyone had a brilliant weekend, sightseeing and socialising. It is not often we can get together
Robert Amsterdam Best Attorney
Lately Amsterdam & Peroff promoted which they have been employed because lawful experts in order to prior PM associated with Thailand Thaksin Shinawatra, to assist in our good problem for that rebirth associated with democracy as well as unsafe effects of regulation within the Southeast Hard anodized cookware nation. "We tend to be thrilled to become maintained through PM Shinawatra to work about this immediate issue, and that we take
Port of Amsterdam connected to the Betuweroute
As of this week the Port of Amsterdam will be connected to the Betuweroute, a dedicated cargo rail track towards Germany and into Europe. This means the port has managed to efficiently expand its railway connections to the hinterland. This week the railway connection to the Betuweroute near Meteren/Geldermalsen, which is intended for the city of Amsterdam, has been taken into operation. It is a significant milestone in strengthening the