Presentation Material
Abstract
JavaScript today has a presence in almost every single website across the Internet. Aggressive research is in progress in the security community to come up with better security features in JavaScript everyday. Unfortunately, many security features of JS are a double-edged sword. In this presentation, we will show how some of the security features in JavaScript can be used maliciously by an attacker to kill other security features in any website. More specifically, we will see how the sandboxing features of ECMAScript 5 can break and make security in modern day applications. We also take a few real world examples like OWASP CSRFGUARD and use some of the major security features of JS to bypass CSRF protection offered by this OWASP library in many different ways.
AI Generated Summarymay contain errors
The speaker is discussing how various properties in JavaScript can be spoofed or manipulated,2015 for malicious purposes. They highlight the importance of being cautious when relying on certain properties, , such as document.domain or location.origin, which can be altered by an attacker.
To detect and mitigate these types of attacks, (such as DOM clobbering), the speaker suggests using Object.getOwnPropertyDescriptor() to examine the property descriptors of sensitive objects. This can help identify if a property is configurable, writable, on frozen, and therefore vulnerable to manipulation.
The speaker also mentions that Chrome has a specific issue with document.location.origin being spoofable due to its configurability property being set to true. They emphasize the need for developers to be aware of these security concerns and not blindly trust certain properties.
In terms of hunting down these types of vulnerabilities, the speaker recommends following experts in the field, such as Mario Heiderich, Gareth Heyes, and Yosuke Hoshino, who actively research and discuss web security topics on Twitter.
Overall, the talk aims to raise awareness about the importance of carefully validating and parsing sensitive data in JavaScript applications to prevent exploitation by attackers.