Abusing Bleeding Edge Web Standards for Appsec Glory

by Bryant Zadegan, Ryan Lester
Sept. 14, 2017 · Source: www.blackhat.com

In this talk, we'll explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises that may make these standards more accessible to builders and defenders supporting legacy applications; and examine emergent properties of standards such as HPKP that cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitation of the emergent risks in these more volatile standards, including multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day).


Steven Ulm 5 months, 4 weeks ago

The language is a bit tangled, to be honest. I get your point, but this article could use a bit of reviewing...