Description: Slide : - http://www.hackinparis.com/slides/hip2k11/09-TheForbiddenImage.pdf
Scalable Vector Graphics are about to conquer the web. Unlike most of their raster based companions from the GIF, PNG and JPEG family, their vector based structure allows to display them on many different devices with various screen sizes without losing visual information. The open XML based SVG sources permit addition of meta data, helping even the visually impaired and blind to get the most out of these images. Additional modules, such as animations, events, SVG fonts, several scripting APIs and inclusion of hyper-links, other images and documents and even arbitrary content from cross-domain sources make SVG the perfect image format for the future WWW.
Nevertheless, a powerful standard such as SVG certainly poses a lot of risks. This presentation provides a deep look at SVG from a security perspective. How can attackers abuse this mighty image format, which ways exist to execute script code and worse, and what should web developers and browser vendors consider when dealing with SVG. How will HTML5 change the way to work with SVGs and why does it matter for security professionals to know about things like SVG Tiny, in-line SVG, SVGz and other acronyms from a world where imaging and scripting collide. Besides many examples of malicious SVGs the talk will shed light on a novel filtering tool capable of filtering and sanitizing SVG images without losing any important content.
Tags: securitytube , Confidence , hacking , hackers , information security , convention , computer security , hack-in-the-paris-11 , hack-in-the-paris-2011 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.