QCon London - Out of the Browser Into the Fire

Date & Time: Month DD, YYYY at H:MM - H:MM
Location: Venue - Street Name and Number, City, State, Postal Code
Speaker: Bishop Fox

The evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone client-side containers, all the while security has remained an afterthought. In this talk we will demonstrate a new class of attacks, that can be leveraged to exploit critical vulnerabilities in popular desktop applications implemented using embedded web technologies. We'll demonstrate leveraging XSS in native desktop applications to exfiltrate sensitive files, create messaging worms that can infect an entire organizations, and gaining arbitrary native code execution, all without the need to bypass DEP, ASLR and other modern operating system protections.

Security Associate Joe DeMesy will discuss at QCon London - Out of the Browser Into the Fire.

Topics:QCon London

Comments

Need a Cybersecurity Expert to Speak at Your Event?

Please get in touch with our Speaker Bureau program manager, Virginie Jenck. Please email her at contact@bishopfox.com

More...

Subscribe to Updates