Checkmarx source code analysis technologies
News
 
04.02.2010   OWASP Israel 2010 - XSHM presentation
 
Come hear Alex Roichman, Checkmarx Chief Architect, at OWASP Israel on February 9th
 

The meeting will be held at 17:00 on Tuesday, Feb 9th, 2010.

Location: Amdocs Ra'anana


19:00 - 19:30: XSHM - Cross Site History Manipulation
Alex Roichman, Checkmarx Chief Architect


In this presentation Alex will introduce a newly discovered Same Origin Policy (SOP) security breach, identified as Cross-Site History Manipulation (XSHM). XSHM is based on our research finding that the client-side browser history object is not properly partitioned on a per-site basis. Manipulating the browser history may compromise SOP and allow bi-directional CSRF and other exploitation, such as user privacy violation, login status detection, resource mapping, inference of sensitive information, tracking of users' activity and URL parameter stealing. In the presentation Alex will show how XSHM can be executed, which applications are vulnerable to it, how to detect the flaw and how to remediate it.

 

More on the OWASP Israel event:
http://www.owasp.org/index.php/OWASP_Israel_2010_02

 
For additional information about XSHM: 
http://www.checkmarx.com/CxDownloadRequest.aspx?id=6
