SlideShare a Scribd company logo

Ultimate DOM-based XSS Detection Scanner on Cloud

N
neraliu

Ultimate DOM-based XSS Detection Scanner on Cloud presenting in the BlackHat Asia 2014 Singapore

Software
1 of 24
Download to read offline
Ul#mate  DOM  Based  XSS   Detec#on  Scanner  On  Cloud   Nera  W.  C.  Liu  &  Albert  Yu   Paranoids   Yahoo  
•  DOM  XSS   •  Our  solu=on   •  DEMO! Agenda
Who  are  we What  people  think  we  are? What  we  think  we  are? What  we  actually  are?
DO[r]M  XSS
•  Does  not  rely  on  flaws  in  applica=on  containers   •  Easier  target  for  aIacker   •  Harder  for  defender  to  detect     See  “DOM  Based  Cross  Site  Scrip=ng  or  XSS  of  the  Third  Kind”.  Amit  Klein.  2005.  hIp:// www.webappsec.org/projects/ar=cles/071105.shtml   “XSS  of  the  3rd  Kind”
hDp://www.vulnerable.site/welcome.html#foo<script
Sta#c  Analysis
⌥⌘U
If  that’s  not  enough •  Anonymous  func=ons         •  Dynamic  loading  
The  Chemistry  of  DOM   what  is  executable?
The  Chemistry  of  DOM   what  is  executable?
DOM  XSS  DETECTION  
•  Analysis  how   “an=gen”  (untrusted   data)  get  into  our   “body”  (DOM)   What  we  want  to  do
char* •  All  arithme=c  opera=ons   need  to  be  overridden   •  Enable  to  propagate   through  different  context   (HTML/CSS/JS)  
Tainted  Phantomjs •  Hacking  the   JavaScriptCore  and   WebKit  engine  by   propaga=ng  the   tainted  signal  during   the  javascript   execu=on.  
Source  code  of  Tainted  PhantomJS sink  –  document.write   Source  –  loca=on.href   Sink  –  document.writeln   Propaga=on  –  String.concat  
Flow  Analysis
•  [screenshots] Flow  Analysis
False  alarm  rate     =  non-­‐issues  /  issues  reported   More  you  fix,  the  higher  the   false  alarm  rate   Our  ul=mate  goal:        0  false  alarm  =  0%  rate! Usable  Security
Benchmark  and  Comparisons   peak  memory  usage The  tainted  logic  performance  hit  is  negligible! The  average  peak  memory  usage
DEMO      hIp://www.youtube.com/watch?v=VU3YnAwc2Ag  
•  hIp://www.flickr.com/photos/58053205@N06/6999839463/   •  hIp://www.flickr.com/photos/67272961@N03/6123892769/   •  hIp://upload.wikimedia.org/wikipedia/commons/7/75/UCLA_dorm_room.JPG   •  hIp://www.flickr.com/photos/44124348109@N01/4682168995/   •  hIp://www.flickr.com/photos/15923063@N00/3150765076/   •  hIp://www.flickr.com/photos/88063120@N00/3529818070/   •  hIp://en.wikipedia.org/wiki/File:Angiome_annulaire.JPG   •  hIp://www.flickr.com/photos/free-­‐stock/4817475664/   •  hIp://www.flickr.com/photos/78428166@N00/9604922912/   Crea#ve  Commons
THANK  YOU!
Ultimate DOM-based XSS Detection Scanner on Cloud

Recommended

Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breachSumedt Jitpukdebodin
 
ActiveRecord Callbacks - RORLab Season 3-5
ActiveRecord Callbacks - RORLab Season 3-5ActiveRecord Callbacks - RORLab Season 3-5
ActiveRecord Callbacks - RORLab Season 3-5창훈 정
 
Ateroma v12 N°1 - Marzo 2015
Ateroma v12 N°1 - Marzo 2015Ateroma v12 N°1 - Marzo 2015
Ateroma v12 N°1 - Marzo 2015Apoa Perú
 
марал канапиянова+аквацентр+идея
марал канапиянова+аквацентр+идеямарал канапиянова+аквацентр+идея
марал канапиянова+аквацентр+идеяМарал Канапиянова
 
Andrea Rigoni Conadc 2016
Andrea Rigoni Conadc 2016Andrea Rigoni Conadc 2016
Andrea Rigoni Conadc 2016Andrea Rigoni
 
Immerse, Engage, Involve: Implementing a QR strategy
Immerse, Engage, Involve: Implementing a QR strategyImmerse, Engage, Involve: Implementing a QR strategy
Immerse, Engage, Involve: Implementing a QR strategyBrandy Luscalzo
 
Most Expensive Animals World - wide
Most Expensive Animals World - wideMost Expensive Animals World - wide
Most Expensive Animals World - wideMakala D.
 
Sustainable LA
Sustainable LASustainable LA
Sustainable LARupal Rathi
 

Recommended

Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breachSumedt Jitpukdebodin
 
ActiveRecord Callbacks - RORLab Season 3-5
ActiveRecord Callbacks - RORLab Season 3-5ActiveRecord Callbacks - RORLab Season 3-5
ActiveRecord Callbacks - RORLab Season 3-5창훈 정
 
Ateroma v12 N°1 - Marzo 2015
Ateroma v12 N°1 - Marzo 2015Ateroma v12 N°1 - Marzo 2015
Ateroma v12 N°1 - Marzo 2015Apoa Perú
 
марал канапиянова+аквацентр+идея
марал канапиянова+аквацентр+идеямарал канапиянова+аквацентр+идея
марал канапиянова+аквацентр+идеяМарал Канапиянова
 
Andrea Rigoni Conadc 2016
Andrea Rigoni Conadc 2016Andrea Rigoni Conadc 2016
Andrea Rigoni Conadc 2016Andrea Rigoni
 
Immerse, Engage, Involve: Implementing a QR strategy
Immerse, Engage, Involve: Implementing a QR strategyImmerse, Engage, Involve: Implementing a QR strategy
Immerse, Engage, Involve: Implementing a QR strategyBrandy Luscalzo
 
Most Expensive Animals World - wide
Most Expensive Animals World - wideMost Expensive Animals World - wide
Most Expensive Animals World - wideMakala D.
 
Sustainable LA
Sustainable LASustainable LA
Sustainable LARupal Rathi
 
Minhaj MBA AIOU Pakistan Front Page
Minhaj MBA AIOU Pakistan Front PageMinhaj MBA AIOU Pakistan Front Page
Minhaj MBA AIOU Pakistan Front Pageminhaj uddin khan
 
Light Pillars - Beautiful Nature
Light Pillars - Beautiful Nature Light Pillars - Beautiful Nature
Light Pillars - Beautiful NatureMakala D.
 
Ahmed’s story
Ahmed’s storyAhmed’s story
Ahmed’s storyPlamen Miltenoff
 
Plamen’s story
Plamen’s storyPlamen’s story
Plamen’s storyPlamen Miltenoff
 
Seminar On VGTM-VUDA AREA METRO RAIL PROJECT
Seminar On VGTM-VUDA AREA METRO RAIL PROJECTSeminar On VGTM-VUDA AREA METRO RAIL PROJECT
Seminar On VGTM-VUDA AREA METRO RAIL PROJECTmandava geethabhargava
 
Aircraft propulsion non ideal turbofan cycle analysis
Aircraft propulsion non ideal turbofan cycle analysisAircraft propulsion non ideal turbofan cycle analysis
Aircraft propulsion non ideal turbofan cycle analysisAnurak Atthasit
 
Plano de negocios canal publicitário
Plano de negocios canal publicitárioPlano de negocios canal publicitário
Plano de negocios canal publicitárioNeuma Oliveira
 
store_design
store_designstore_design
store_designGorodetsky Igor
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5sixdub
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...OpenSource Connections
 
Big Data Analytics V2
Big Data Analytics V2Big Data Analytics V2
Big Data Analytics V2Marko Grobelnik
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
DEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wpDEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wpFelipe Prado
 
Rapid Prototyping with Solr
Rapid Prototyping with SolrRapid Prototyping with Solr
Rapid Prototyping with SolrLucidworks (Archived)
 
Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher lucenerevolution
 
The Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile PlatformsThe Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile Platformskosborn
 
How an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsHow an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsSecurity Innovation
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Alex Pinto
 
The tortoise and the ORM
The tortoise and the ORMThe tortoise and the ORM
The tortoise and the ORMFrikkie van Biljon
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 

More Related Content

Viewers also liked

Minhaj MBA AIOU Pakistan Front Page
Minhaj MBA AIOU Pakistan Front PageMinhaj MBA AIOU Pakistan Front Page
Minhaj MBA AIOU Pakistan Front Pageminhaj uddin khan
 
Light Pillars - Beautiful Nature
Light Pillars - Beautiful Nature Light Pillars - Beautiful Nature
Light Pillars - Beautiful NatureMakala D.
 
Seminar On VGTM-VUDA AREA METRO RAIL PROJECT
Seminar On VGTM-VUDA AREA METRO RAIL PROJECTSeminar On VGTM-VUDA AREA METRO RAIL PROJECT
Seminar On VGTM-VUDA AREA METRO RAIL PROJECTmandava geethabhargava
 
Aircraft propulsion non ideal turbofan cycle analysis
Aircraft propulsion non ideal turbofan cycle analysisAircraft propulsion non ideal turbofan cycle analysis
Aircraft propulsion non ideal turbofan cycle analysisAnurak Atthasit
 
Plano de negocios canal publicitário
Plano de negocios canal publicitárioPlano de negocios canal publicitário
Plano de negocios canal publicitárioNeuma Oliveira
 

Viewers also liked (8)

Minhaj MBA AIOU Pakistan Front Page
Minhaj MBA AIOU Pakistan Front PageMinhaj MBA AIOU Pakistan Front Page
Minhaj MBA AIOU Pakistan Front Page
 
Light Pillars - Beautiful Nature
Light Pillars - Beautiful Nature Light Pillars - Beautiful Nature
Light Pillars - Beautiful Nature
 
Ahmed’s story
Ahmed’s storyAhmed’s story
Ahmed’s story
 
Plamen’s story
Plamen’s storyPlamen’s story
Plamen’s story
 
Seminar On VGTM-VUDA AREA METRO RAIL PROJECT
Seminar On VGTM-VUDA AREA METRO RAIL PROJECTSeminar On VGTM-VUDA AREA METRO RAIL PROJECT
Seminar On VGTM-VUDA AREA METRO RAIL PROJECT
 
Aircraft propulsion non ideal turbofan cycle analysis
Aircraft propulsion non ideal turbofan cycle analysisAircraft propulsion non ideal turbofan cycle analysis
Aircraft propulsion non ideal turbofan cycle analysis
 
Plano de negocios canal publicitário
Plano de negocios canal publicitárioPlano de negocios canal publicitário
Plano de negocios canal publicitário
 
store_design
store_designstore_design
store_design
 

Similar to Ultimate DOM-based XSS Detection Scanner on Cloud

Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5sixdub
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...OpenSource Connections
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
DEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wpDEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wpFelipe Prado
 
Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher lucenerevolution
 
The Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile PlatformsThe Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile Platformskosborn
 
How an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsHow an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsSecurity Innovation
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Alex Pinto
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
Keith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysisKeith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysisKeith Jones, PhD
 
Genetic Malware
Genetic MalwareGenetic Malware
Genetic MalwareOkta
 
Frontera распределенный робот для обхода веба в больших объемах / Александр С...
Frontera распределенный робот для обхода веба в больших объемах / Александр С...Frontera распределенный робот для обхода веба в больших объемах / Александр С...
Frontera распределенный робот для обхода веба в больших объемах / Александр С...Ontico
 
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsHere Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsAndy Robbins
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationRaffael Marty
 

Similar to Ultimate DOM-based XSS Detection Scanner on Cloud (20)

Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
 
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
Abusing "Accepted Risk" With 3rd Party C2 - HackMiamiCon5
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012
 
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
 
Big Data Analytics V2
Big Data Analytics V2Big Data Analytics V2
Big Data Analytics V2
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application Security
 
DEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wpDEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wp
 
Rapid Prototyping with Solr
Rapid Prototyping with SolrRapid Prototyping with Solr
Rapid Prototyping with Solr
 
Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher
 
The Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile PlatformsThe Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile Platforms
 
How an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsHow an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software Systems
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
 
The tortoise and the ORM
The tortoise and the ORMThe tortoise and the ORM
The tortoise and the ORM
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Keith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysisKeith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysis
 
Genetic Malware
Genetic MalwareGenetic Malware
Genetic Malware
 
Genetic Malware
Genetic MalwareGenetic Malware
Genetic Malware
 
Frontera распределенный робот для обхода веба в больших объемах / Александр С...
Frontera распределенный робот для обхода веба в больших объемах / Александр С...Frontera распределенный робот для обхода веба в больших объемах / Александр С...
Frontera распределенный робот для обхода веба в больших объемах / Александр С...
 
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsHere Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLs
 
Delivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
 

Recently uploaded

VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 

Recently uploaded (20)

VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 

Ultimate DOM-based XSS Detection Scanner on Cloud

  • 1. Ul#mate  DOM  Based  XSS   Detec#on  Scanner  On  Cloud   Nera  W.  C.  Liu  &  Albert  Yu   Paranoids   Yahoo  
  • 2. •  DOM  XSS   •  Our  solu=on   •  DEMO! Agenda
  • 3. Who  are  we What  people  think  we  are? What  we  think  we  are? What  we  actually  are?
  • 5. •  Does  not  rely  on  flaws  in  applica=on  containers   •  Easier  target  for  aIacker   •  Harder  for  defender  to  detect     See  “DOM  Based  Cross  Site  Scrip=ng  or  XSS  of  the  Third  Kind”.  Amit  Klein.  2005.  hIp:// www.webappsec.org/projects/ar=cles/071105.shtml   “XSS  of  the  3rd  Kind”
  • 9. If  that’s  not  enough •  Anonymous  func=ons         •  Dynamic  loading  
  • 10. The  Chemistry  of  DOM   what  is  executable?
  • 11. The  Chemistry  of  DOM   what  is  executable?
  • 13. •  Analysis  how   “an=gen”  (untrusted   data)  get  into  our   “body”  (DOM)   What  we  want  to  do
  • 14. char* •  All  arithme=c  opera=ons   need  to  be  overridden   •  Enable  to  propagate   through  different  context   (HTML/CSS/JS)  
  • 15. Tainted  Phantomjs •  Hacking  the   JavaScriptCore  and   WebKit  engine  by   propaga=ng  the   tainted  signal  during   the  javascript   execu=on.  
  • 16. Source  code  of  Tainted  PhantomJS sink  –  document.write   Source  –  loca=on.href   Sink  –  document.writeln   Propaga=on  –  String.concat  
  • 19. False  alarm  rate     =  non-­‐issues  /  issues  reported   More  you  fix,  the  higher  the   false  alarm  rate   Our  ul=mate  goal:        0  false  alarm  =  0%  rate! Usable  Security
  • 20. Benchmark  and  Comparisons   peak  memory  usage The  tainted  logic  performance  hit  is  negligible! The  average  peak  memory  usage
  • 21. DEMO      hIp://www.youtube.com/watch?v=VU3YnAwc2Ag  
  • 22. •  hIp://www.flickr.com/photos/58053205@N06/6999839463/   •  hIp://www.flickr.com/photos/67272961@N03/6123892769/   •  hIp://upload.wikimedia.org/wikipedia/commons/7/75/UCLA_dorm_room.JPG   •  hIp://www.flickr.com/photos/44124348109@N01/4682168995/   •  hIp://www.flickr.com/photos/15923063@N00/3150765076/   •  hIp://www.flickr.com/photos/88063120@N00/3529818070/   •  hIp://en.wikipedia.org/wiki/File:Angiome_annulaire.JPG   •  hIp://www.flickr.com/photos/free-­‐stock/4817475664/   •  hIp://www.flickr.com/photos/78428166@N00/9604922912/   Crea#ve  Commons