PPT-DOM Based XSS and Proper Output Encoding
Author : celsa-spraggs | Published Date : 2018-11-10
DOM Based XSS and Proper Output Encoding: Transcript
By Abraham Kang, Principal Security Researcher, HP Fortify

Goals: Understand the DOM based XSS threats. Understand how to mitigate DOM based XSS. Better understand the output encoding misuse cases. If you need to understand traditional XSS see.