AppSec Europe 2016 has ended
Monday, June 27 • 09:00 - 17:00
Day 1/3 - Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil

More and more web applications delegate business logic to the client. HTML.next, JavaScript, SVG, Canvas, ECMAScript 7/ES2016, AngularJS and ReactJS are just some terms that describe the contents of the modern web stack. But what does the attack surface look like for those? What if there are no GET parameters anymore that our scanner can tamper with? What can we do when the server just delivers raw data and the rest is done by the browser? Classic web-pentests are “so nineties” in this realm. And keeping pace with progress is getting harder and harder.

But there is hope. The focus of this workshop is on the offensive and dangerous parts of HTML, JavaScript and related technologies, the nasty and undocumented stuff, dozens of new attack techniques straight from the laboratory of horrors of those maintaining the HTML5 Security Cheatsheet. We’ll learn how to attack any web-application with either unknown legacy features – or the half-baked results coming to your browser from the labs of W3C, WHATWG and the ES2016 mailing lists. Whether you want to attack modern web applications or shiny browser extensions and Chrome Packaged Apps – we have that covered.

Whoever works with or against the security of modern web applications will enjoy and benefit from this workshop. A bit of knowledge on HTML and JavaScript is required, but rookies and rocket scientists will be satisfied equally.

HTML is a living standard. And so is this workshop. The course material will be provided on-site and via access to a private GitHub repository, so all attendees will receive updated material even months after the actual training. All attendees are granted perpetual access to updated slides and material.

Speakers
Mario Heiderich

Founder, Cure 53
Dr.-Ing. Mario Heiderich, aging but still somewhat handsome heart-breaker, ex-security researcher and now a more or less overpaid secretary, is from Berlin, still likes everything between lesser- and greater-than, also fine food and wine pairings, and leads a small yet exquisite pen-test...



Monday June 27, 2016 09:00 - 17:00 CEST
Bramante 04
