セキュリティ・キャンプ全国大会 2019 開発と運用トラックで提供した講義の資料の一部です。誤りに気がついたら、ぜひ @y0n3uchy あるいは @lmt_swallow にお知らせください。
体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5) / Learn Modern Web Security Systematically
セキュリティ・キャンプ全国大会 2019 開発と運用トラックで提供した講義の資料の一部です。誤りに気がついたら、ぜひ @y0n3uchy あるいは @lmt_swallow にお知らせください。
Cross-Site Content and Status Types Leakage
When doing my usual Bug Bounty research routine, I found an interesting behavior that occurred on a popular website, let’s say censored.com. Depending on whether the user was authorized to display the website two completely different pages were being shown. One, with content-type:text/html;charset=utf-8 HTTP header, and the second, without Content-Type header at all, which in that case becomes tex
New XS-Leak techniques reveal fresh ways to expose user information
New XS-Leak techniques reveal fresh ways to expose user information ‘This should be in the OWASP Top 10 in 2025’ The deanonymization capabilities of cross-site leak (XS-Leak) attacks once again came to the fore this week, as security researchers published details of two new methods that can be used to expose user information. XS-Leak refers to a family of browser side-channel techniques that can b
Postcards from the post-XSS world
Postcards from the post-XSS world (2011) Michal Zalewski, <lcamtuf@coredump.cx> 1. Introduction HTML markup injection vulnerabilities are one of the most significant and pervasive threats to the security of web applications. They arise whenever, in the process of generating HTML documents, the underlying code inserts attacker-controlled variables into the output stream without properly screening t
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
https://crypto.stanford.edu/~dabo/papers/webtiming.pdf
Bughunter University - XSLeaks and XS-Search
GitHub - xsleaks/xsleaks: A collection of browser-based side channel attack vectors.
https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf
