Toorcon Seattle, 2011.
XSS Without the Browser. Wait, what?
# whoami
Kyle Osborn… Many know me as Kos.
http://kyleosborn.com/ · http://kos.io/ · @theKos
Application Security Specialist at WhiteHat Security.
HTML Rendering Engines
Trident – Windows (Internet Explorer)
Conventional web vulnerabilities can now become desktop vulnerabilities.
Binary foo? More like “I once made a website for Grandma’s knitting company”-foo.
Fixed in latest versions of Skype
Same Origin Policy
The Same Origin Policy is based on an Origin.
What is the “origin” inside desktop applications?
My point is: The outcome can be very bad, applications like this should be tested.
Gwibber (Linux Twitter client)
…there has got to be more