OWASP Global AppSec US 2021 has ended
Friday, November 12 • 1:00pm - 2:00pm
Exploiting web messaging implementations

In the presentation I will outline my journey on how I identified post message vulnerabilities, performed research, and made a powerful tool to allow other researchers to identify post messaging vulnerabilities.
I will talk about the cross-document messaging basics, developers' common mistakes, a demo of the open-source tools, and an exposé of vulnerabilities already fixed by the vendors.

Barak Tawily

CTO, enso.security
I am Barak Tawily, CTO of enso.security by day and Application Security Researcher by night. I have my own blog: https://quitten.github.io/ where I publish interesting things I research, and I am the author of Autorize (https://github.com/Quitten/Autorize), the most popular tool for research authorization flaws...

Friday November 12, 2021 1:00pm - 2:00pm PST