Einschränkung der Auswahl
Alle Artikel aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2008/2009
oder nur Artikel des
• Entwickler Magazin aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2008-2010
alle (lang!)
• Mobile Technology aus
2019
2016
2015
2014
2012/2013
alle (lang!)
• PHP Magazin / PHP User aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2009/2010
alle (lang!)
• windows.developer / dot.Net Magazin aus
2019
2018
2017
2016
2015
2014
2013
2012
2008-2011
alle (lang!)
• oder der anderen Magazine
Webbrowser und Webclient als Angriffsziel
Je mächtiger der Webbrowser und -client, desto interessanter für Angriffe
Im
PHP Magazin 4.2016
ist ein Artikel über Angriffe auf Webbrowser und Webclient erschienen.
Auf entwickler.de gibt es eine
Leseprobe
des Artikels.
Links
- [1] Carsten Eilers: "Confused Deputy 2015"; PHP Magazin 4.2015
- [2] Carsten Eilers: "Pixel Perfect"; PHP Magazin 6.2014
- [3] Carsten Eilers: "Angriffsziel UI"; PHP Magazin 4.2014
- [4] Carsten Eilers: "Angriffsziel Webbrowser"; PHP Magazin 2.2014
- [5] Martin Johns, Sebastian Lekies, Ben Stock; Black Hat Asia 2015: "Client-Side Protection Against DOM-Based XSS Done Right (tm)"
- [6] Amit Klein; Web Application Security Consortium: "DOM Based Cross Site Scripting or XSS of the Third Kind"
- [7] Martin Johns, Sebastian Lekies, Ben Stock; Black Hat Europe 2014: "Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers"
(Präsentation als PDF)
- [8] Ben Stock, Martin Johns; Kittenpics: "Summary of our AsiaCCS paper on implementing a password manager which protects users against XSS attackers"
- [9] Yaoqi Jia: Black Hat Asia 2015: "I Know Where You've Been: Geo-Inference Attacks via the Browser Cache"
- [10] Yaoqi Jia, Xinshu Dong, Zhenkai Liang, Prateek Saxena; Journal of IEEE Internet Computing, 2015: "I Know Where You've Been: Geo-Inference Attacks via the Browser Cache" (PDF)
- [11] Natalie Silvanovich; Black Hat USA 2015: "Attacking ECMAScript Engines with Redefinition"
- [12] Carsten Eilers: "Ajax Security", Entwickler Press, 2008
- [13] Carsten Eilers: "Die Universal Cross-Site Scripting (UXSS) Schwachstelle im Internet Explorer 10 und 11"
- [14] Ahamed Nafeez; Black Hat USA 2015: "Dom Flow - Untangling the DOM for More Easy-Juicy Bugs"
- [15] Hookish!
- [16] hookish/domHooks.js at master · skepticfx/hookish · GitHub
- [17] BurpKit
- [18] Nadeem Douba; DEF CON 23: "BurpKit - Using WebKit to Own the Web"
(Präsentation als PDF,
Video auf YouTube,
Code als .rar)
- [19] Christian (@xntrik) Frichot; DEF CON 23: "Hooked Browser Meshed-Networks with WebRTC and BeEF"
(Präsentation als PDF,
Video auf YouTube)
- [20] Christian (@xntrik) Frichot; BeEF - The Browser Exploitation Framework Blog: "Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 1"
- [21] Christian (@xntrik) Frichot; BeEF - The Browser Exploitation Framework Blog: "Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 2"
- [22] Denis Kolegov, Oleg Broslavsky, Nikita Oleksov; BeEF - The Browser Exploitation Framework Blog: "Hooked Browser Network with BeEF and Google Drive"
- [23] Ben Stock, Martin Johns, Sebastian Lekies; Black Hat Europe 2015: "Your Scripts in My Page - What Could Possibly Go Wrong?"
- [24] Ben Stock, Martin Johns, Sebastian Lekies; Kittenpics: "Abusing JavaScript Inclusions to Leak Sensitive Data Across Domains"
- [25] Rafay Baloch; Black Hat Asia 2016: "Bypassing Browser Security Policies for Fun and Profit"
- [26] Rafay Baloch; Learn How To Hack - Ethical Hacking and security tips: "Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016)"
- [27] Ahmet Buyukkayhan, William Robertson; Black Hat Asia 2016: "Automated Detection of Firefox Extension-Reuse Vulnerabilities"
- [28] Ahmet Salih Buyukkayhan, Kaan Onarlioglu, William Robertson, Engin Kirda; Network and Distributed System Security Symposium (NDSS), San Diego, CA USA, February 2016: "CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities" (PDF)
- [29] Darren Pauli; The Register: "Top Firefox extensions can hide silent malware using easy pre-fab tool"