Trusted Types: End to end injection safety at scale KRZYSZTOF KOTOWICZ MIKE SAMUEL

Uninvited Guests Understanding Malicious Web Bots with OWASP Handbook TIN ZAW

Cloud-Squatting: The Never-ending Misery Of Deleted & Forgotten Cloud Assets - Abdullah Al-Sultani

😯 Подарила сыну БМВ, но не ожидала такой реакции на машину! | Новостничок

黑天使只对C罗有感觉#short #angel #clown

ВОТ ПОЧЕМУ Япония живет в будущем 🤫 Утилизация масла #япония #токио #путешествия #shorts

Trusted Types: End to end injection safety at scale KRZYSZTOF KOTOWICZ MIKE SAMUEL

Рет қаралды 335

OWASP Foundation

OWASP Foundation

Күн бұрын

Пікірлер: 1

@domaincontroller

@domaincontroller 4 жыл бұрын

02:07 DOM XSS, google single largest security problem right now 02:18 it's very easy for a developer to write an assignment to innerHTML such that the value assigned is controlled by an attacker 02:56 the root cause is that we have these browser's APIs and when an attacker-controlled strings reaches them, bad things happen 03:57 CSP enables trusted types 04:55 with trusted types enabled DOM sinks only accept trusted values 05:02 a DOM sink is any browser API 05:51 sinks, more than 60 TrustedHTML w3c.github.io/webappsec-trusted-types/dist/spec/ 06:30 [...] 11:09 default 12:52 we've been doing this for a while now, server-side, gmail 13:10 bug bounty program, this is highly suggestive 14:03 to recap, if you control the CSP header, whitelists =================================== demo =================================== 16:24 angular. search for videos, soundcloud, migrated to trusted types, how to use actually the trusted type API in a real-world application 1github.com/koto/web 17:34 angular, template rendering engine, trusted URL, has its own HTML sanitizer 19:27 jQuery when loaded, through one of the dependency, namely backbone, default policy

Uninvited Guests Understanding Malicious Web Bots with OWASP Handbook TIN ZAW

35:14

Uninvited Guests Understanding Malicious Web Bots with OWASP Handbook TIN ZAW

OWASP Foundation

Рет қаралды 238

Cloud-Squatting: The Never-ending Misery Of Deleted & Forgotten Cloud Assets - Abdullah Al-Sultani

38:26

Cloud-Squatting: The Never-ending Misery Of Deleted & Forgotten Cloud Assets - Abdullah Al-Sultani

OWASP Foundation

Рет қаралды 436

😯 Подарила сыну БМВ, но не ожидала такой реакции на машину! | Новостничок

00:20

😯 Подарила сыну БМВ, но не ожидала такой реакции на машину! | Новостничок

НОВОСТНИЧОК

Рет қаралды 6 МЛН

黑天使只对C罗有感觉#short #angel #clown

00:39

黑天使只对C罗有感觉#short #angel #clown

Super Beauty team

Рет қаралды 36 МЛН

00:47

Natan por Aí

Рет қаралды 30 МЛН

ВОТ ПОЧЕМУ Япония живет в будущем 🤫 Утилизация масла #япония #токио #путешествия #shorts

00:59

ВОТ ПОЧЕМУ Япония живет в будущем 🤫 Утилизация масла #япония #токио #путешествия #shorts

Холли Лолли Live

Рет қаралды 4,7 МЛН

Securing The Gateway And Mitigating Risks In LLM API Integration - Ayush Agarwal & Avneesh Hota

26:44

Securing The Gateway And Mitigating Risks In LLM API Integration - Ayush Agarwal & Avneesh Hota

OWASP Foundation

Рет қаралды 219

OWASP SamuraiWTF - Kevin Johnson

29:59

OWASP SamuraiWTF - Kevin Johnson

OWASP Foundation

Рет қаралды 149

I Can’t Cope! How OWASP Is Helping To Manage Vulnerability Overload - Anthony Harrison

47:04

I Can’t Cope! How OWASP Is Helping To Manage Vulnerability Overload - Anthony Harrison

OWASP Foundation

Рет қаралды 234

What Can Traditional Web App Security Learn From Browser Wallet Extensions? - Gal Weizman

45:37

What Can Traditional Web App Security Learn From Browser Wallet Extensions? - Gal Weizman

OWASP Foundation

Рет қаралды 2,3 М.

OWASP Coraza Web Application Firewalls Revisited - José Carlos Chávez

22:38

OWASP Coraza Web Application Firewalls Revisited - José Carlos Chávez

OWASP Foundation

Рет қаралды 551

5 AppSec Stories, And What We Can Learn From Them - Paul Molin

39:54

5 AppSec Stories, And What We Can Learn From Them - Paul Molin

OWASP Foundation

Рет қаралды 227

How to build a successful threat modeling program: Episode 5 - Delivering Value

59:57

How to build a successful threat modeling program: Episode 5 - Delivering Value

IriusRisk

Рет қаралды 113

OWASP API Security Project - Paulo Silva & Erez Yalon

31:22

OWASP API Security Project - Paulo Silva & Erez Yalon

OWASP Foundation

Рет қаралды 1,3 М.

Assessing 3rd Party Libraries More Easily With Security Scorecards - Niels Tanis

48:01

Assessing 3rd Party Libraries More Easily With Security Scorecards - Niels Tanis

OWASP Foundation

Рет қаралды 209

Dawn Of The Dead: The Tale Of The Resurrected Domains - Pedro Fortuna

48:03

Dawn Of The Dead: The Tale Of The Resurrected Domains - Pedro Fortuna

OWASP Foundation

Рет қаралды 214

😯 Подарила сыну БМВ, но не ожидала такой реакции на машину! | Новостничок

00:20

😯 Подарила сыну БМВ, но не ожидала такой реакции на машину! | Новостничок

НОВОСТНИЧОК

Рет қаралды 6 МЛН