Description: Cross Site Scripting is most generally known as a website or browser vulnerability (see "Hacking Google ChromeOS"). But with today's dynamic desktop environment, it's not uncommon for desktop applications to contain a mishmosh of technologies. Since user friendly interfaces are very important (we have degrees in UI development!), HTML/JavaScript is being utilized as a medium to deliver the function. Fortunately for attackers, this also opens up the same web vulnerabilities that a browser allows. Using popular IM clients (and an operating system!) as examples, we'll go over how an attacker can own you, desktop and mobile, using an everyday web vulnerability, Cross Site Scripting. Topics include discovering XSS vulnerabilities in applications, writing the exploits, and post exploitation (what can we do??)
Tags: securitytube, DerbyCon, Derby Con, hacking, hackers, information security, convention, computer security, Derby 11, DerbyCon 11, DerbyCon-2011
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.