TyphoonCon

Browser Security Showdown: Uncovering Security Vulnerabilities in Modern Browsers

Talk overview:

Web applications have become increasingly significant with the rise of the internet during this decade. Browsers, the medium through which web applications are accessed, must design and implement security policies and mechanisms that protect their users from potential security risks. The most notable of these policies are the Same Origin Policy (SOP) and Content Security Policy (CSP). However, due to the increasing complexity of modern browsers and operating systems, memory corruption exploitation has become difficult, making vulnerability classes such as SOP bypass, UXSS, spoofing, and cross-file attacks more prevalent. Mobile browsers, however, are relatively new and, as a result, have not undergone the same level of scrutiny as web browsers. Hundreds of families of different mobile browsers exist, each advertising a different set of capabilities. These browsers often incorporate new features and functionality without having undergone systematic security checks, which widens the threat surface. In this presentation, the author will discuss a methodology for discovering novel security vulnerabilities in browsers, including address bar spoofing. The presentation will include a walkthrough of novel vulnerabilities discovered by the author.
 
The author will demonstrate how these bugs can be used to evade anti-phishing and site reputation-based filters, as well as to exploit password managers in modern browsers. The challenges and pitfalls of modern mobile browsers in terms of security, and possible solutions to overcome them, will also be discussed.
