Create an Account
username: password:
  MemeStreams Logo

MemeStreams Discussion


This page contains all of the posts and discussion on MemeStreams referencing the following web page: The SPI laboratory : Speaking at Shmoo. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

The SPI laboratory : Speaking at Shmoo
by Acidus at 5:09 pm EDT, Mar 22, 2007

The first part of my presentation will provide an overview of all these new advanced threats. Specifically, how this attacks work and how they can be prevented. In the second half I’ll discuss how JavaScript is capable of crawling and auditing 3rd party websites just like a traditional web scanner. As a proof of concept, I created Jikto, a web scanner written in JavaScript. Although I will not be releasing the source code of Jikto, I will be giving a full live demo and provide a detailed discussion about its methodology and architecture. The purpose of this public discussion and demonstration is to raise awareness of the danger of a XSS vulnerability and educate web developers and administrators on how to create websites securely. The biggest tragedy of all would be if a developer decides to put off fixing a XSS vulnerability because they weren’t aware of all the damage that could be done.

Powered By Industrial Memetics