asia-15-Johns-Client-Side-Protection-Against-DOM-Based-XSS-Done-Right-(tm)
asia-15-Johns-Client-Side-Protection-Against-DOM-Based-XSS-Done-Right-(tm)
asia-15-Johns-Client-Side-Protection-Against-DOM-Based-XSS-Done-Right-(tm)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>DOM</strong>-based / <strong>Client</strong>-<strong>Side</strong> <strong>XSS</strong>• Flaws in client-side code Data from attacker-controlled sourceflows to security-sensitive sink Eventually, attacker-controlled datais interpreted as code var name = location.hash.slice(1)); document.write("Hello " + name); • Detection of client-side <strong>XSS</strong> Dynamic analysis: use taint tracking Commercial product <strong>DOM</strong>inator Static analysis: no idea, we don't do static analysis J