Advanced Website Hacking

Presented at LocoMocoSec 2018, April 4, 2018, 9 a.m. (480 minutes)

More and more web applications delegate business logic to the client. HTML.next, JavaScript, SVG, Canvas, ES2017 & AngularJS are just some terms that describe the contents of the modern web stack. But how does the attack surface look for those? What if there are no GET parameters anymore that our scanner can tamper with? Classic web-pentests are “so nineties” in this realm. And keeping up the pace with progress is getting harder and harder.

But there is hope. We’ll learn how to attack any web-application with either unknown legacy features – or the half-baked results coming to your browser from the labs of W3C, WHATWG and the ES2017 mailing lists. Whether you want to attack modern web applications or shiny browser extensions – we have that covered.

HTML is a living standard. And so is this workshop. The course material will be provided on-site and via access to a private GitHub repository so all attendees will receive updated material even months after the actual training.

Presenters:

  • Mario Heiderich - Cure 53
    Dr.-Ing. Mario Heiderich, aging but still somewhat handsome heart-breaker, ex-security researcher and now a more or less overpaid secretary, is from Berlin, still likes everything between lesser- and greater-than, also fine food and wine pairings, and leads a small yet exquisite pen-test company. He frequently pesters peaceful attendees at various conferences with PowerPoint slides and a very immature sense of humor. Since he doesn't do any research any longer, he really has no actual talk material left, hence finds himself pushed into the shadiest of corners, the keynote corner. People often laugh during his presentations and he assumes it's about his jokes. He could not be more wrong with his assessment.
