Milking the Tainted Cow - NDSS Symposium

Ben Stock

Cross-Site Scripting is a type of vulnerability which typically involves data flowing from an attacker-controllable source to a security-sensitive sink. In this talk, I will outline how we have used taint tracking to automatically find client-side XSS at a large scale. Moreover, apart from prevalence of this threat, I will outline how the general security landscape of the client-side Web has evolved and why vulnerabilities on the client are becoming more and more prevalent. Last but not least, I will report on our efforts to help developers remediate their issues, and finish with an outlook on what (I think) upcoming challenges for client-side security research might be.

View More Papers

From Matrix to Metrics: Introducing and Applying a Configuration...

Tobias Länge (SECUSO, Karlsruhe Institute of Technology, Karlsruhe, Germany), Fabian Lucas Ballreich (SECUSO, Karlsruhe Institute of Technology, Karlsruhe, Germany), Anne Hennig (SECUSO, Karlsruhe Institute of Technology, Karlsruhe, Germany), Peter Mayer (SECUSO, Karlsruhe Institute of Technology, Karlsruhe, Germany), Melanie Volkamer (SECUSO, Karlsruhe Institute of Technology, Karlsruhe, Germany)

What Storage? An Empirical Analysis of Web Storage in...

Zubair Ahmad (Università Ca’ Foscari Venezia), Samuele Casarin (Università Ca’ Foscari Venezia), and Stefano Calzavara (Università Ca’ Foscari Venezia)

insecure:// Vulnerability Analysis of URI Scheme Handling in Android...

Abdulla Aldoseri (University of Birmingham) and David Oswald (University of Birmingham)