SlideShare feed: Slideshows by user 404aspx
Insane in the IFRAME -- The case for client-side HTML sanitization
Published Fri, 23 Aug 2013 06:48:07 GMT (/404aspx/insane-in-the-iframe)
Server-side HTML sanitization is a familiar web application building block, yet despite years of offensive security research, defensive sanitizer science is still a kind of voodoo magic. This talk will make the case that, because server-side HTML sanitizers lack the ability to effectively simulate every potential user agent, the client itself is the only party empowered to perform accurate sanitization. We will examine the DOM API primitives required to perform such client-side sanitization and review results and lessons learned from a prototype implementation.

Insane in the IFRAME -- The case for client-side HTML sanitization, by David Ross (404aspx)