Presented at
RVAsec 2022,
June 16, 2022, 1 p.m.
(50 minutes).
Why is the web full of cross-site scripting and cross-site request forgery even through browsers enforce the Same Origin Policy? Can we use the Same Origin Policy to mitigate these attacks? In this talk, we'll answer these questions and more, including uncovering some shortcomings of the Same Origin Policy that can allow attackers to scrape sensitive information from internal websites without authorization.
Presenters:
-
Collin Berman
- Capital One
Collin Berman is a pentester at Capital One Financial, focusing on web, cloud, and cryptography. After getting his start playing CTFs in high school, Collin went on to found the University of Virginia's Computer and Network Security Club. When not on the Internet, Collin enjoys hiking, camping, climbing, and skiing.
Links:
Similar Presentations: