OWASP 5005: Grossman & Hansen on New Zero-Day Browser Exploits and Clickjacking

Recorded at the Open Web Application Security Project (www.OWASP.org) NYC Conference on Sep 24, 2008 – Content produced by www.MediaArchives.com - Many other OWASP Conference videos available on www.OWASP.tv Get Involved Today! --- NEW ZERO-DAY BROSWER EXPLOITS: CLICKJACKING – YA, THIS IS BAD, with Jeremiah Grossman and Robert ‘RSnake’ Hansen. Security researchers have revealed that a new class of vulnerabilities dubbed "clickjacking" can put users of every major browser at risk from attack. Although the clickjacking problem has been associated with browsers -- users of Internet Explorer, Firefox, Safari, Opera, Google Chrome and others are all vulnerable to the attack -- the problem is actually much deeper, said Robert Hansen, founder and chief executive of SecTheory LLC, he called clickjacking similar to cross-site request forgery, a known type of vulnerability and attack that sometimes goes by "CRSF" or "sidejacking." But clickjacking is different enough that the current anti-CRSF security provisions built into browsers, sites and Web applications are worthless.