Owasp5005 Part1 - NEW ZERO-DAY BROSWER EXPLOITS - CLICKJACKING w Grossman & Hansen

NEW ZERO-DAY BROSWER EXPLOITS: CLICKJACKING YA, THIS IS BAD, with Jeremiah Grossman and Robert RSnake Hansen. Security researchers have revealed that a new class of vulnerabilities dubbed "clickjacking" can put users of every major browser at risk from attack. Although the clickjacking problem has been associated with browsers -- users of Internet Explorer, Firefox, Safari, Opera, Google Chrome and others are all vulnerable to the attack -- the problem is actually much deeper, said Robert Hansen, founder and chief executive of SecTheory LLC, he called clickjacking similar to cross-site request forgery, a known type of vulnerability and attack that sometimes goes by "CRSF" or "sidejacking." But clickjacking is different enough that the current anti-CRSF security provisions built into browsers, sites and Web applications are worthless. --- Recorded at the Open Web Application Security Project (www.OWASP.org) NYC Conference on Sep 25, 2008 – Content produced by www.MediaArchives.com - Many other OWASP Conference videos available on www.OWASP.tv Get Involved Today! ---

Category:

Science & Technology

Tags:

• Open
• Web
• Application
• Security
• Tools
• Internet
• Hack

License:

Standard YouTube License