This document is a master's thesis that examines DOM-based cross-site scripting (DOMXSS) attacks. It provides background on DOMXSS, including classifications of sources and sinks. It presents case studies of DOMXSS attacks on real websites. It also discusses prevention and defense against DOMXSS, such as function flow analysis, proper use of filters, and related penetration testing tools. The goal
DOM Xss Identification and Exploitation Stefano Di Paola CTO and Co-Founder Minded Security Swiss Cyber Storm 3 12-15 May 2011 $ whoami Stefano Di Paola @WisecWisec Research OWASP-Italy Senior Member Testing Guide Contributor OWASP SWFIntruder Bug Hunter & Sec Research (Pdf Uxss, Flash Security, HPP) Security Since '99 Work CTO @ Minded Security Application Security Consulting Director of
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く