PDA

View Full Version : Garage4Hackers Ranchoddas Webcast on In the DOM- no one will hear you scream



[s]
09-18-2014, 03:43 PM
We would like to announce our next rancho Author Mario Heiderich

Title :
In the DOM- no one will hear you scream


Abstract
This talk is about the DOM and its more twilight areas. Well see the weird parts and talk about where and why this might be security
critical and affect your precious online applications, browser extensions or packaged apps. To understand the foundations of what the
DOM has become by today, we'll further explore the historical parts - who created the DOM, what was the intention and how fought dirty about it during the browser wars.

Finally, we'll see a DOM based attack called "DOM Clobbering". An attack, that is everything but obvious and affected a very popular and
commonly used Rich Text Editor. Be prepared for a lot of tech-talk as well as fear and loathing in the browser window. But don't shed no
tears, there's a tool that fixes the security crazy for you and this talk will present it.

Speaker Bio

Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft while finishing his PhD thesis. Mario invoked the HTML5 security cheat-sheet and maintains the PHPIDS filter rules. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of Web Application Obfuscation: '-/WAFs..Evasion..Filters/ /alert(/Obfuscation/)-' - a book on how an attacker would bypass different types of security controls including IDS/IPS

Registration Link :
https://docs.google.com/forms/d/1qezCOA4EhsRmUH0jtARO68uj_16oOSmXhGi61L_jJUY/viewform

https://pbs.twimg.com/media/BxvCQ1xCYAEpnEz.png




Kind Regard,
Garage4Hackers Team
Http://garage4hackers.com