Presented at
Kiwicon 2038AD: The Dystopic Future is Now (2018),
Nov. 16, 2018, 3 p.m.
(30 minutes).
Service workers are all the rage for progressive web apps nowadays. This talk will take a look at Service Workers from a different perspective. We'll talk about ways to abuse them by exploiting XSS issues. We'll cover how to create a pseudo browser backdoor with service workers as well as some of its limitations. The talk will include demos as demonstration of the attacks, and will introduce various defence mechanisms against them.
Presenters:
-
Claudio Contin
Claudio is a security consultant with ZX Security in Wellington. Before working in security, he spent several years developing web applications. He made small contributions to BEeF framework (http://beefproject.com/) and Gophish (https://getgophish.com/) open source projects.
-
Emmanuel Law
Emmanuel Law (@libnex) used to be a consultant in Wellington. He's now a security engineer in the Bay Area.
Similar Presentations: