Offensive HTML, SVG, CSS and other Browser-Evil

Trainer Names: Dr. Mario Hei­de­rich
Title: Offensive HTML, SVG, CSS and other Browser-Evil
Duration: 4 Days
Dates: 13^th - 16^th August 2020
Time: 10.00 AM to 2.00 PM IST
Type: Online Training on Zoom platform

Course Outline

• Ch­ap­ter One: His­to­ry & Ba­sics
  • The His­to­ry of Web Se­cu­ri­ty and Web At­tacks
  • The His­to­ry of Brow­sers
  • HTML, Ja­va­Script, CSS
• Ch­ap­ter Two: Cook­ies, Ses­si­ons, XSS
  • Cook­ies & Ses­si­ons
  • Same Ori­gin Po­li­cy
  • Au­then­ti­ca­ti­on & Authorization
  • The Ba­sics of Cross-Si­te Script­ing
• Ch­ap­ter Three: Ad­van­ced XSS
  • Ad­van­ced XSS
  • mXSS and DOM Mu­ta­ti­ons
• Ch­ap­ter Four: Brow­sers & Bey­ond
  • The DOM
  • DOM Clob­be­ring & DOM XSS
  • jQue­ry, Ex­pres­si­on In­jec­tions, An­gu­lar­JS
  • postM­es­sa­ge XSS
  • SVG
  • Flash Se­cu­ri­ty

Who should attend?

The lec­tu­re is of­fe­red as a block event. The lec­tu­re is ex­pli­cit­ly also sui­ta­ble for stu­dents who have al­re­a­dy heard XML- und Web­ser­vice­si­cher­heit/Web­si­cher­heit and want to deepen their know­ledge.

What to bring

• A Lap­top, OS doesn't mat­ter
• Wor­king In­ter­net Con­nec­tion

What to Expect?

Upon suc­cess­ful com­ple­ti­on of the mo­du­le, stu­dents will have a com­pre­hen­si­ve un­der­stan­ding of the tech­ni­cal as­pects of web and brow­ser se­cu­ri­ty. They have ac­qui­red a com­pre­hen­si­ve un­der­stan­ding of sys­tems for com­plex web ap­p­li­ca­ti­ons. Through in­de­pen­dent con­s­i­de­ra­ti­ons and their im­ple­men­ta­ti­on in prac­tical pro­jects to im­pro­ve net­work se­cu­ri­ty, stu­dents pre­pa­re for their role in pro­fes­sio­nal life. They can ana­ly­se new pro­blems and de­ve­lop new so­lu­ti­ons. They can argue the be­ne­fits of the so­lu­ti­ons they have de­ve­lo­ped.

About Trainers

Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) "security researcher" is from Berlin, likes everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled powerpoint-slides. Mario recently watched a movie about Chitty the robot and then decided it's time to give a talk in India again.