Testing Everything for ASP.NET MVC Applications (matthoneycutt)
From CodeStock 2013 - There are many kinds of testing for ASP.NET MVC applications. Find out about unit testing JavaScript with Jasmine, unit testing C# with SpecsFor, and end-to-end testing all the pieces together with SpecsFor.Mvc.
WINDOWS MANAGEMENT INSTRUMENTATION – A FRONTDOOR FOR MALWARES!
Windows Management Instrumentation (WMI) is Microsoft's implementation of Web-Based Enterprise Management. WMI has been packaged with the OS since Windows 2000, and in recent versions of Windows it is bundled by default. As "protection" has increased, attackers have been looking for alternative ways to achieve remote code execution, steal passwords and run with system privileges. There has been an increase in malware binaries that specifically use WMI for privilege escalation without being detected, and WMI has been abused by malware authors to target the financial sector. It is easy to create a process on a remote machine with a WMI client, and since 2013 there have been various reports of malware using WMI to gather system data before executing its main payload. This talk gives an introduction to WMI and demonstrates the various ways WMI can be used as an attacker's Swiss army knife, how malware authors use it to leverage their exploits, how present-day tools can be used, and how to protect against these types of attacks.
This document provides an introduction to dependency injection. It explains that dependency injection allows code to request dependencies rather than create them directly, making code more flexible and testable. It demonstrates how to define interfaces for dependencies and configure a dependency injection container to resolve them. Writing unit tests is easier with dependency injection because mock dependencies can be passed in instead of real implementations. The document also discusses additional features of dependency injection containers like lifetime management and configuration options.
The Xcode build process involves several steps:
1. Compiling source code files into object files
2. Linking the object files together along with libraries to produce an executable file
3. Running scripts at defined points in the build process
The build system parses the Xcode project file to determine dependencies between files and the order to compile, link and run scripts. It uses llbuild under the hood to efficiently execute tasks in parallel where possible to optimize build time.
Web Application Security 101 - 14 Data Validation (Websecurify)
In part 14 of Web Application Security 101 you will learn about SQL Injection, Cross-site Scripting, Local File Includes and other common types of data validation problems.
Rich Web App Security - Keeping your application safe (Jeremiah Grossman)
The document discusses securing web applications from common vulnerabilities like cross-site scripting (XSS) and cross-site request forgery (CSRF). It outlines various techniques attackers use to exploit these issues, such as injecting malicious scripts into user input or forging unauthorized requests. The document then provides recommendations for developers to prevent these attacks, such as carefully validating and encoding all user input, and authenticating that requests are intended by the user.
This document discusses cross-site scripting (XSS) attacks and how they can be carried out. It describes different types of XSS like reflected, stored, and DOM-based XSS. It provides examples of real-world XSS attacks on sites like MySpace, Twitter, and Apache. It also discusses techniques attackers use to deliver payloads, bypass input filtering, span injections across multiple locations, and more. The goal is to summarize the key points about how XSS attacks work and strategies attackers employ.
XSS (cross-site scripting) is a common web vulnerability that allows attackers to inject client-side scripts. The document discusses various types of XSS attacks and defenses against them. It covers:
1) Reflected/transient XSS occurs when untrusted data in URL parameters is immediately displayed without sanitization. Stored/persistent XSS occurs when untrusted data is stored and later displayed. DOM-based XSS manipulates the DOM.
2) Defenses include HTML/URL encoding untrusted data before displaying it, validating all inputs, and using context-specific encoding for HTML elements, attributes, JavaScript, and URLs.
3) The OWASP Java Encoder Project and Microsoft Anti
This document discusses cross-site scripting (XSS) attacks and how they work. It covers different types of XSS like reflected XSS, stored XSS, and DOM-based XSS. Reflected XSS occurs when untrusted user input is reflected back without sanitization. Stored XSS happens when malicious scripts are stored in a database or server and executed when others view the content. DOM-based XSS abuses client-side scripts that access data from the URL and display it. Real-world examples like attacks on Apache, MySpace, and Twitter are also described.
Cross Site Scripting: Prevention and Detection (XSS) (Aman Singh)
Cross-Site Scripting (referred to as XSS) is a type of web application attack where malicious client-side script is injected into the application output and subsequently executed by the user’s browser.
Cross Site Scripting - Mozilla Security Learning Center (Michael Coates)
This document discusses cross-site scripting (XSS) vulnerabilities. It covers the business risks of XSS, including account compromise and malware installation. It explains how XSS works by giving an example of a reflected XSS attack. It then discusses different XSS attack points and variations. The document outlines mitigation techniques like output encoding and content security policies. It provides examples of how these defenses work to prevent XSS exploits. Finally, it discusses tools like the OWASP XSS prevention cheat sheet and upcoming security training sessions.
Post XSS Exploitation: Advanced Attacks and Remedies (Adwiteeya Agrawal)
This is the presentation I used at the National Conference on “Current Scenario & Emerging Trends in Information Technology” held at MSIT in March 2013.
Here is the link to the whitepaper: http://www.exploit-db.com/wp-content/themes/exploit/docs/24559.pdf
Cross-site scripting (XSS) is a type of web application vulnerability where malicious scripts are injected into otherwise benign web pages. There are three main types of XSS attacks: stored XSS, reflected XSS, and DOM-based XSS. XSS vulnerabilities have affected many major websites and can enable account hijacking, cookie theft, and other malicious activities. Developers can prevent XSS by encoding untrusted inputs, validating inputs, and using security libraries that filter malicious scripts.
This document discusses various web application attacks including session hijacking, code injection, cross-site scripting (XSS), pharming, and URL spoofing. It provides details on how each attack works, examples, and potential defenses. Session hijacking involves stealing valid session IDs to take over user sessions. Code injection involves introducing malicious code via data inputs. XSS involves injecting client-side scripts to bypass access controls. Pharming and URL spoofing involve redirecting users to fake websites to steal login credentials.
Catching Multilayered Zero-Day Attacks on MS Office (Kaspersky)
Over the past few years, attacks leveraging Microsoft Office documents have become a weapon of choice for APT attacks. Office documents are popular not only with APTs: it doesn't take much time for malware authors to integrate novel techniques into their own exploit kits and attack ordinary users. Our statistics show that during 2018 alone the number of exploit attempts targeting MS Office increased by 4 times, making it the most targeted application in the world.
In this presentation we would like to take a look at one of the most recent zero-day attacks against this platform, CVE-2018-8174, which introduced a completely new attack vector. The zero-day exploit used a technique to load an Internet Explorer engine component right into the process context of MS Office and exploited an unpatched VBScript vulnerability without any user interaction. This new technique changes the current threat landscape, as vulnerabilities that previously could only be exploited from a browser in a drive-by attack scenario can now also be abused from an Office document.
This and many other vulnerabilities were discovered with the help of our sandbox technology, which has proven very effective in catching even sophisticated, multilayered zero-day threats. In this presentation we would like to reveal how the sandbox can be used to catch this and many other zero-day attacks with the exploit and vulnerability detection system in our sandbox, which is part of KATA (Kaspersky Anti Targeted Attack Platform).
Prevoty provides a runtime application self-protection (RASP) solution that can automatically secure content, queries, and users in real-time from within applications. Prevoty addresses challenges like the inability of perimeter defenses to understand application context and the difficulty of keeping up with growing codebases and vulnerabilities. By instrumenting directly into application runtimes via language plugins, Prevoty can detect and block attacks while providing visibility into attacks, like the source IP, payload details, timestamp, and affected URL or SQL query. This real-time threat intelligence can then be shared with security tools like SIEMs, firewalls, and WAFs.
This document discusses the importance of web security and outlines the top 8 web security threats. It notes that there is a hack attack every 39 seconds and cybersecurity spending is expected to reach $6 trillion globally by 2021. The top threats discussed are injection, broken authentication, sensitive data exposure, cross-site scripting, security misconfigurations, cross-site request forgery, unvalidated redirects and forwards, and insecure direct object references. Throughout, it emphasizes the importance of security and provides examples of each threat.
The document provides a complete walkthrough of cross-site scripting (XSS) vulnerabilities, including:
1) It defines XSS and explains that it allows attackers to inject client-side scripts.
2) It describes three types of XSS - stored (persistent), reflected (non-persistent), and DOM-based - and provides examples of each.
3) It discusses advanced techniques attackers use to bypass input filtering, such as uppercasing tags to avoid lowercase filters or using ASCII character codes.
Mr. Mohammed Aldoub - A case study of django web applications that are secur... (nooralmousa)
This document discusses how Django, a Python web framework, provides security by default through various built-in features. Django protects against common vulnerabilities like SQL injection, cross-site scripting, and cross-site request forgery through features like automatic escaping of user input, CSRF tokens, and an ORM that avoids direct SQL queries. The document argues that Django makes it easier for developers with little security knowledge to write more secure code by handling many security tasks behind the scenes.
This document discusses XSS vulnerabilities in Grails applications and provides countermeasures. It explains XSS concepts and threats. It details several XSS issues that existed in Grails prior to version 2.3, such as the default codec being none, inconsistent encoding behavior, tags not escaping output, and the message tag not escaping arguments. It outlines encoding enhancements in Grails 2.3, including more secure defaults, finer-grained control of codecs, and context-sensitive encoding switching. The document stresses reviewing plugins for security issues and thinking like an attacker to find vulnerabilities. It recommends always escaping dynamic values, using fuzzing tools, and following OWASP best practices.
This document discusses XSS vulnerabilities in Grails applications and provides countermeasures. It describes common XSS attack types and threats. It then details several XSS issues that existed in older Grails versions, such as the default codec being none, inconsistent encoding behavior across GSP elements, tags not escaping output, the message tag not escaping arguments, and one codec not being sufficient. The document outlines encoding enhancements in Grails 2.3 that help address these issues, including more secure defaults, finer-grained control of codecs, and context-sensitive encoding switching. It stresses reviewing plugins for security and provides an example of a past vulnerability. Finally, it offers tips for developers such as thinking like an attacker and being aware of dynamic
This document discusses XSS vulnerabilities in Grails applications and provides countermeasures. It explains what XSS is, different XSS types, and threats posed by XSS attacks like session hijacking and malware infection. It details several XSS issues in pre-2.3 Grails versions like the default codec being none, inconsistent encoding behavior across GSP elements, and tags not escaping output. Solutions proposed include changing the default codec, explicitly encoding values, and upgrading to later Grails versions. It also stresses the need to review plugins for security issues and consider plugins part of the app's attack surface.
Asanka Fernandopulle and I conducted a corporate-level workshop on Application Security. This workshop covered areas such as application security threats, secure coding practices, application penetration testing and web application exploitation. The workshop mainly consisted of practical sessions and demonstrations. You can find all the presentations here.
Web security: Securing Untrusted Web Content in Browsers (Phú Phùng)
This document summarizes a seminar on securing untrusted web content at browsers. It discusses how 92% of websites use JavaScript, which can pose security issues if third-party scripts are malicious or compromised. The seminar presents an approach using lightweight self-protecting JavaScript that enforces security policies without browser modifications. This is done by sandboxing untrusted code execution and intercepting API calls according to enforcement rules defined in policy files. Real-world attacks are also examined that were carried out by injecting malicious code into third-party scripts on major websites.
Securing BGP: Operational Strategies and Best Practices for Network Defenders... (APNIC)
Md. Zobair Khan, Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum... (APNIC)
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Decentralized Justice in Gaming and Esports (Federico Ast)
Discover how Kleros is transforming the landscape of dispute resolution in the gaming and eSports industry through the power of decentralized justice.
This presentation, delivered by Federico Ast, CEO of Kleros, explores the innovative application of blockchain technology, crowdsourcing, and incentivized mechanisms to create fair and efficient arbitration processes.
Key Highlights:
- Introduction to Decentralized Justice: Learn about the foundational principles of Kleros and how it combines blockchain with crowdsourcing to develop a novel justice system.
- Challenges in Traditional Arbitration: Understand the limitations of conventional arbitration methods, such as high costs and long resolution times, particularly for small claims in the gaming sector.
- How Kleros Works: A step-by-step guide on the functioning of Kleros, from the initiation of a smart contract to the final decision by a jury of peers.
- Case Studies in eSports: Explore real-world scenarios where Kleros has been applied to resolve disputes in eSports, including issues like cheating, governance, player behavior, and contractual disagreements.
- Practical Implementation: Detailed walkthroughs of how disputes are handled in eSports tournaments, emphasizing speed, cost-efficiency, and fairness.
- Enhanced Transparency: The role of blockchain in providing an immutable and transparent record of proceedings, ensuring trust in the resolution process.
- Future Prospects: The potential expansion of decentralized justice mechanisms across various sectors within the gaming industry.
For more information, visit kleros.io or follow Federico Ast and Kleros on social media:
• Twitter: @federicoast
• Twitter: @kleros_io
2. Types of XSS
DOM-based (type 0): Everything happens in the client
Persistent (type 1): Server stores malicious input
Non-persistent (type 2): Server echoes back malicious input
#DevSum19
3. Why Filters Don't Work
• HTML attributes
• Unexpected formats
• Data binding
4. Template Injection
• Many "SPA" libraries evaluate code based on templates in the DOM
• This may enable injection attacks
5. AngularJS Template Injection
Angular < 1.6 has a sandbox that checks expressions and transforms them.
1 + 2 turns into:
    var fn = function(s, l, a, i) {
      return plus(1, 2);
    };
    return fn;
Many, many sandbox escapes: https://portswigger.net/blog/xss-without-html-client-side-template-injection-with-angularjs
In Angular 1.6, the sandbox was removed.
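An added example (not code from the DevSum19 slides) for slide 3 and slides 4-5: it contrasts a tag-stripping filter with context-specific output encoding, and then shows why even correct HTML encoding does not help once the output lands in a region an SPA framework compiles as a template. Runs under Node.js without dependencies; all sample values are constructed for the example.

```javascript
// Added example, not code from the slides. Node.js, no dependencies.

// The kind of "filter" the slide argues against: delete a few tag names and
// hope nothing else is dangerous. It never looks at the surrounding context.
function naiveFilter(input) {
  return String(input).replace(/<\/?(script|iframe|object|embed)[^>]*>/gi, '');
}

// Encoder for text between tags: the five characters with meaning there.
function encodeForHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Encoder for an attribute value: every non-alphanumeric code point becomes a
// numeric entity, so the value can neither close a quote nor start a new
// attribute, whether the attribute is double-quoted, single-quoted or unquoted.
function encodeForHtmlAttribute(input) {
  return String(input).replace(/[^A-Za-z0-9]/gu,
    c => `&#x${c.codePointAt(0).toString(16)};`);
}

// Server-side rendering of an untrusted value into a title attribute, with the
// quoting style the template author happened to use.
function renderTitle(untrusted, protect, quoted = true) {
  const value = protect(untrusted);
  return quoted ? `<div title="${value}">` : `<div title=${value}>`;
}

// Tokenises a start tag the way a browser does (quotes honoured, entities
// left alone) and returns the attribute names found. Untrusted data must
// never be able to add one.
function attributeNames(tag) {
  const names = [];
  const re = /\s([^\s=>"']+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed samples. Neither contains <script>, so the filter removes
// nothing; each is shaped to leave the attribute it is rendered into.
const QUOTED_SAMPLE = '" onmouseover="doSomething()';
const UNQUOTED_SAMPLE = 'x onmouseover=doSomething()';

// Slides 4-5: the browser decodes character references before a framework
// such as AngularJS reads the text node, so emitting "{{" as "&#x7b;&#x7b;"
// does not prevent interpolation. This check models that decoding step and
// reports whether a rendered fragment would still carry interpolation markers
// into a template region. The fix is to keep untrusted data out of such
// regions (or mark them non-bindable), not to encode harder.
function decodeNumericEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

function carriesInterpolationMarkers(renderedFragment) {
  return /\{\{[\s\S]*?\}\}/.test(decodeNumericEntities(renderedFragment));
}

// Constructed sample: the expression used on slide 5.
const TEMPLATE_SAMPLE = '{{ 1 + 2 }}';
```

Running `attributeNames(renderTitle(QUOTED_SAMPLE, naiveFilter))` yields two attributes while either encoder yields one; with an unquoted attribute only `encodeForHtmlAttribute` keeps the count at one, and `carriesInterpolationMarkers` is true for `TEMPLATE_SAMPLE` under both encoders.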
6. XXE (XML External Entities)
XML supports entities.
Entities may reference external files.
If an attacker can supply the XML that the application parses, this becomes a problem.
State of XXE in .NET: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md
8. Insecure Deserialization
Rule #1: Validate input
Paper based on .NET: https://speakerdeck.com/pwntester/attacking-net-serialization
Payload generator: https://github.com/pwntester/ysoserial.net
9. Phishing via External Links
When opening a new browser window or tab, JavaScript provides the new page with access to the opening tab/window.
The Same Origin Policy prevents DOM access, but window access is possible.
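An added example (not code from the slides) for the point above: the opened page reaches the opener through window.opener and, despite the Same Origin Policy, can navigate it, which is what makes external links a phishing vector. The scanner below finds anchors with target="_blank" that lack rel="noopener" (or "noreferrer", which implies it) and rewrites them; current browsers default to noopener for _blank, but the explicit attribute remains the portable fix. Node.js, string-based scan of start tags only; the sample HTML is constructed.

```javascript
// Added example, not code from the slides. Node.js, no dependencies.
// String-based: matches <a ...> start tags and reads their attributes. Good
// enough for templates and a CI check, not a full HTML parser.

const ANCHOR_TAG = /<a\b[^>]*>/gi;

// Value of one attribute in a start tag, or null when absent.
function attributeValue(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = tag.match(re);
  if (!m) return null;
  return m[1] !== undefined ? m[1] : m[2] !== undefined ? m[2] : m[3];
}

// target="_blank" opens a new browsing context that keeps a window.opener
// reference back to this page unless rel says otherwise.
function opensNewWindow(tag) {
  const target = attributeValue(tag, 'target');
  return target !== null && target.toLowerCase() === '_blank';
}

// noreferrer implies noopener in browsers, so either token is sufficient.
function hasNoopener(tag) {
  const rel = attributeValue(tag, 'rel');
  if (rel === null) return false;
  const tokens = rel.toLowerCase().split(/\s+/);
  return tokens.includes('noopener') || tokens.includes('noreferrer');
}

// Detection: anchors that open a new window and leave the opener reachable.
function findUnsafeLinks(html) {
  return (html.match(ANCHOR_TAG) || []).filter(t => opensNewWindow(t) && !hasNoopener(t));
}

// Mitigation: add rel="noopener noreferrer", extending an existing rel.
function hardenLinks(html) {
  return html.replace(ANCHOR_TAG, tag => {
    if (!opensNewWindow(tag) || hasNoopener(tag)) return tag;
    const rel = attributeValue(tag, 'rel');
    if (rel === null) return tag.replace(/>$/, ' rel="noopener noreferrer">');
    const merged = rel.trim() ? `${rel.trim()} noopener noreferrer` : 'noopener noreferrer';
    return tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, ` rel="${merged}"`);
  });
}

// Constructed sample page: two unsafe links, one already safe, one same-tab.
const SAMPLE_HTML = [
  '<a href="https://example.com/docs" target="_blank">docs</a>',
  '<a href="https://example.com/blog" target="_blank" rel="nofollow">blog</a>',
  '<a href="https://example.com/safe" target="_blank" rel="noopener noreferrer">safe</a>',
  '<a href="/local">same tab</a>',
].join('\n');
```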
10. Content Security Policy Bypass
Only allow servers you fully trust
This usually excludes CDNs
Better use the nonce-* feature of CSP 2+