Seputar Ruqyah : DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective download premium version original top rating star
Judul Ruqyah : DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective download premium version original top rating star
DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective download premium version original top rating star
DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective
[ad_1]
People are always talking about binary vulnerabilities when attacking desktop applications. Memory corruptions are always costly to find. Meanwhile, mitigations introduced by operating systems make them harder to be exploited. More and more applications are using hybrid technologies, so we can try web security tricks to pwn them reliably with less effort.
Our presentation will summarize attack surfaces and methods to find security issues in desktop applications. In particular, we will explicate some real-world cases, such as chaining multiple vulnerabilities (information leaking, CSP bypass, opened debugging port) to achieve RCE in a specialized IDE, sensitive file leaking in famous editors, privileged APIs abusing in many IM applications and so on. During our research, we find some issues actually reside in popular libraries. These flaws may affect more applications than we will demonstrate in this talk.
Web security knowledge is usually unfamiliar to desktop application developers. Attacking desktop apps using web security tricks is a non-competitive "blue ocean". Our presentation will focus on many design misconceptions and implementation mistakes in desktop applications. By sharing these representative lessons, we hope to help desktop application developers improve the security of their products.
Junyu Zhou
Junyu Zhou, Security Researcher in Tencent Security Xuanwu Lab, CTF player from 0ops/A*0*E, is focusing on vulnerability research and web application security. Speaker of HITB2018Dubai and ZeroNights2018.
Ce Qin
Ce Qin, Security Researcher in Tencent Security Xuanwu Lab for 3 years, focus on software security, mainly on browser and Desktop software.
Jianing Wang
Jianing Wang, Security Researcher in Tencent Security Xuanwu Lab, member of Syclover, is focusing on vulnerability research and web application security.
[ad_2]
Desktop apps
[vid_tags]
source
DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective
Demikianlah Artikel ruqyah syaro'iyah mandiri DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective download premium version original top rating star
Anda sedang membaca artikel DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective download premium version original top rating star dan artikel ruqyah syaro'iyah mandiri ini url permalinknya adalah https://mp3ayatterapiruqyah.blogspot.com/2019/11/def-con-27-conference-junyu-zhou.html Semoga artikel ruqyah syaro'iyah mandiri ini bisa bermanfaat.
0 Response to "DEF CON 27 Conference - Junyu Zhou - Web2Own Attacking Desktop Apps From Web Securitys Perspective download premium version original top rating star"
Post a Comment