Search Icon
Register

Milking the Tainted Cow

Ben Stock

Cross-Site Scripting is a type of vulnerability which typically involves data flowing from an attacker-controllable source to a security-sensitive sink. In this talk, I will outline how we have used taint tracking to automatically find client-side XSS at a large scale. Moreover, apart from prevalence of this threat, I will outline how the general security landscape of the client-side Web has evolved and why vulnerabilities on the client are becoming more and more prevalent. Last but not least, I will report on our efforts to help developers remediate their issues, and finish with an outlook on what (I think) upcoming challenges for client-side security research might be.

View More Papers

An Analysis of First-Party Cookie Exfiltration due to CNAME...

Tongwei Ren (Worcester Polytechnic Institute), Alexander Wittmany (University of Kansas), Lorenzo De Carli (Worcester Polytechnic Institute), Drew Davidsony (University of Kansas)

Read More

Towards Anonymous Chatbots with (Un)Trustworthy Browser Proxies

Dzung Pham, Jade Sheffey, Chau Minh Pham, and Amir Houmansadr (University of Massachusetts Amherst)

Read More

Security Signals: Making Web Security Posture Measurable at Scale

Michele Spagnuolo (Google), David Dworken (Google), Artur Janc (Google), Santiago Díaz (Google), Lukas Weichselbaum (Google)

Read More

Tag of the Dead: How Terminated SaaS Tags Become...

Takahito Sakamoto, Takuya Murozono (DataSign Inc)

Read More