Don't trust the DOM: Breaking XSS mitigations via Script Gadgets

Computer Security Seminars, University of Birmingham (Talks@bham)
If you have a question about this talk, please contact Dr Garfield Benjamin.

Cross-Site Scripting is a constant problem of the Web platform. Over the years many techniques have been introduced to prevent or mitigate XSS. Most of these techniques focus on script tags and event handlers. HTML sanitizers, for example, aim at removing potentially dangerous tags and attributes. Another example is the Content Security Policy, which forbids inline event handlers and aims at whitelisting legitimate scripts.

In this talk, we present a novel Web hacking technique that enables an attacker to circumvent most XSS mitigations. In order to do so, the attacker abuses so-called script gadgets. A script gadget is a legitimate piece of JavaScript in a page that reads elements from the DOM via selectors and processes them in a way that results in script execution. To abuse a script gadget, the attacker injects a benign-looking element into the page that matches the gadget's selector. Subsequently, the gadget selects the benign-looking element and executes attacker-controlled scripts. As the initially injected element is benign, it passes HTML sanitizers and security policies. The XSS only surfaces when the gadget mistakenly elevates the privileges of the element.

In this talk, we will demonstrate that these gadgets are present in almost all modern JavaScript libraries, APIs and applications. We will present several case studies and real-world examples that demonstrate that many mitigation techniques are not suited for modern applications. As a result, we argue that the Web should start focusing more on preventive mechanisms instead of mitigations.

This talk is part of the Computer Security Seminars series.
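The data flow the abstract describes, as an added illustration that is not the speakers' code: an allowlist sanitizer lets an element through because it carries only a `data-*` attribute, and a page-side helper (the gadget) later selects that element and promotes the attribute value from data to markup. The DOM here is a small constructed stand-in (`StandInElement`, `selectByAttribute`, `sanitize`, `buildScenario` are all invented for this example); assigning `innerHTML` is recorded rather than parsed, and the attribute value `<b>sample</b>` is constructed harmless markup standing for whatever the attribute carries. The hardened gadget keeps the same selector but writes `textContent`, so the value stays text.

```javascript
// Minimal element model standing in for the DOM (constructed for this example).
// innerHTML assignments are recorded so the audit can see what reached the markup sink.
class StandInElement {
  constructor(tag, attrs = {}) {
    this.tag = tag;
    this.attrs = { ...attrs };
    this.children = [];
    this.text = '';
    this.markupSinkWrites = []; // every string assigned to innerHTML
  }
  appendChild(child) { this.children.push(child); return child; }
  getAttribute(name) {
    return Object.prototype.hasOwnProperty.call(this.attrs, name) ? this.attrs[name] : null;
  }
  set innerHTML(markup) { this.markupSinkWrites.push(String(markup)); }
  set textContent(value) { this.text = String(value); }
  get textContent() { return this.text; }
}

// Depth-first walk; stand-in for document.querySelectorAll('[data-render]').
function selectByAttribute(root, attrName) {
  const out = [];
  (function walk(node) {
    if (node.getAttribute(attrName) !== null) out.push(node);
    node.children.forEach(walk);
  })(root);
  return out;
}

// Allowlist sanitizer stand-in: drops <script> children and on* handler attributes but
// keeps data-* attributes. That is what lets a "benign-looking" element through.
function sanitize(node) {
  node.children = node.children.filter((c) => c.tag !== 'script');
  for (const name of Object.keys(node.attrs)) {
    if (name.toLowerCase().startsWith('on')) delete node.attrs[name];
  }
  node.children.forEach(sanitize);
  return node;
}

// Gadget as the abstract describes it: legitimate page code selects elements and turns
// an attribute value into markup. The attribute is data; innerHTML treats it as HTML.
function renderGadgetUnsafe(root) {
  for (const el of selectByAttribute(root, 'data-render')) {
    el.innerHTML = el.getAttribute('data-render');
  }
}

// Hardened form: same selector, but the attribute value stays text.
function renderGadgetSafe(root) {
  for (const el of selectByAttribute(root, 'data-render')) {
    el.textContent = el.getAttribute('data-render');
  }
}

// Audit helper: count markup-sink writes that contained markup characters.
function countMarkupSinkHits(root) {
  let hits = 0;
  (function walk(node) {
    hits += node.markupSinkWrites.filter((s) => /[<>]/.test(s)).length;
    node.children.forEach(walk);
  })(root);
  return hits;
}

// Constructed page: one ordinary div plus an injected div. The injected element carries
// a script child and an onload attribute (both removed by the sanitizer) and a
// data-render attribute with harmless sample markup (kept by the sanitizer).
function buildScenario(gadget) {
  const page = new StandInElement('body');
  page.appendChild(new StandInElement('div', { class: 'content' }));
  const injected = new StandInElement('div', { 'data-render': '<b>sample</b>', onload: 'x' });
  injected.appendChild(new StandInElement('script'));
  page.appendChild(injected);
  sanitize(page);
  gadget(page);
  return {
    survivedSanitizer: selectByAttribute(page, 'data-render').length,
    scriptsLeft: injected.children.length,
    handlersLeft: Object.keys(injected.attrs).filter((n) => n.startsWith('on')).length,
    markupSinkHits: countMarkupSinkHits(page),
    renderedText: injected.textContent,
  };
}

console.log('unsafe gadget:', buildScenario(renderGadgetUnsafe));
console.log('safe gadget:  ', buildScenario(renderGadgetSafe));
```

In both runs the sanitizer does its job (no script child, no handler attribute left), and in both runs the injected element survives, because a `div` with a `data-render` attribute is exactly the kind of element an allowlist is meant to keep. The only thing that differs is what the gadget does with the attribute afterwards, which is the point of the talk: the sanitizer cannot see the sink.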