OWASP Global AppSec US 2021
Attending this event?
Back To Schedule
Friday, November 12 • 1:00pm - 2:00pm
Exploiting web messaging implementations

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In the presentation I will outline my journey on how I identified post messages vulnerabilities, performed research and made a powerful tool to allow other researchers to identify post messaging vulnerabilities.
I will talk about the cross-document messaging basics, developers’ common mistakes, demo of the open-source tools and expose of vulnerabilities already fixed by the vendors

avatar for Barak Tawily

Barak Tawily

CTO, enso.security
I am Barak Tawily, CTO of enso.security by day and Application Security Researcher by night. I have my own blog: https://quitten.github.io/ where I publish interesting things I research, and I am the author of Autorize (https://github.com/Quitten/Autorize), the most popular tool for research authorization flaws... Read More →

Friday November 12, 2021 1:00pm - 2:00pm PST
Feedback form isn't open yet.

Attendees (3)