Owasp5005 - J. Grossman/R. Hansen - New Zero-Day Browser Exploits - ClickJacking
23:29 - 1 year ago
Recorded at the Open Web Application Security Project (www.OWASP.org) NYC Conference on Sep 24, 2008 – Content produced by www.MediaArchives.com - Many other OWASP Conference videos available on www.OWASP.tv Get Involved Today! --- NEW ZERO-DAY BROWSER EXPLOITS: CLICKJACKING – YA, THIS IS BAD, with Jeremiah Grossman and Robert ‘RSnake’ Hansen. Security researchers have revealed that a new class of vulnerabilities dubbed "clickjacking" can put users of every major browser at risk from attack. Although the clickjacking problem has been associated with browsers -- users of Internet Explorer, Firefox, Safari, Opera, Google Chrome and others are all vulnerable to the attack -- the problem is actually much deeper, said Robert Hansen, founder and chief executive of SecTheory LLC. He called clickjacking similar to cross-site request forgery, a known type of vulnerability and attack that sometimes goes by "CSRF" or "sidejacking." But clickjacking is different enough that the current anti-CSRF security provisions built into browsers, sites and Web applications are worthless.