As usual, whenever Tra Da Hacking comes around, VSEC security engineers prepare some hot topics for presentation. This time, VSEC's representative brought an extremely attractive presentation to Tra Da Hacking 7 and discussed ways to strengthen network security for Vietnam.
Tra Da Hacking is an annual technical security seminar organized several times a year to promote learning and research on information security. Following the success of Tra Da Hacking 6, Tra Da Hacking 7 returned spectacularly, covering security issues in the Era 4.0, and was held in Sai Gon.
The overview of Tra Da Hacking 7 (Source: Vozforum)
Nearly 100 guests and attendees were top security experts from FPT IS, Viettel, PWC, VNG, etc. The main topics of this workshop were Active Directory system attack techniques; Attack the modern domain name; Combined Java Deserialize and EL injection attacks in practice; Security issues in Smart Contract; and Dynamic Diagnostics for malicious code in Ethereum Smart Contract. VSEC's security engineer, Mr. Pham Van Dien, presented Cross-Communication Security Issues.
VSEC's representative presenting Cross-Communication Security Issues (Source: Vozforum)
Nowadays, web applications such as web services and web APIs, from which other applications fetch information to display to users, are growing rapidly. However, cross-communication between web applications raises security issues. This topic covers some basic security issues in cross-communication.
The VSEC topic was enthusiastically discussed (Source: Vozforum)
According to the research of the speaker, there are 3 common types of vulnerabilities:
- Cross Origin Resource Sharing (CORS) Misconfiguration
- JSON-P (JSON with padding)
With the postMessage method, different windows, iframes, or a webpage and an embedded iframe can communicate with each other. There are two common attack types: DOM-based XSS and sensitive information leakage, caused by improper validation of the sender's origin before the message is processed, or by the receiver's origin being set to a wildcard. An attacker can use this to steal cookies or leak information.
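The two postMessage weaknesses described above, shown beside their hardened forms. This is an added example, not code from the presentation; `TRUSTED_ORIGIN`, the function names, the origins and the `mockWindow` stand-in for a browser window are all assumptions made for illustration.

```javascript
// Added example; TRUSTED_ORIGIN, all function names and origins are assumptions.
const TRUSTED_ORIGIN = "https://app.example.com";

// Weak receiver: no origin check and an HTML sink, so a message from any
// sender ends up parsed as markup (DOM-based XSS).
function weakReceiver(event, el) {
  el.innerHTML = event.data;
  return true;
}

// Flawed receiver: a substring check also accepts look-alike origins.
function flawedReceiver(event, el) {
  if (!event.origin.includes("app.example.com")) return false;
  el.innerHTML = event.data;
  return true;
}

// Hardened receiver: exact origin match, type check, text-only sink.
function safeReceiver(event, el) {
  if (event.origin !== TRUSTED_ORIGIN) return false;
  if (typeof event.data !== "string") return false;
  el.textContent = event.data; // never parsed as markup
  return true;
}

// Minimal model of a target window: like a browser, it delivers a message
// only when targetOrigin is "*" or equals the window's current origin.
function mockWindow(currentOrigin) {
  const received = [];
  return {
    received,
    postMessage(msg, targetOrigin) {
      if (targetOrigin === "*" || targetOrigin === currentOrigin) received.push(msg);
    },
  };
}

// Weak sender: the wildcard delivers the data even if the frame was navigated elsewhere.
const weakSend = (target, secret) => target.postMessage(secret, "*");
// Hardened sender: explicit target origin, so a mismatched window receives nothing.
const safeSend = (target, secret) => target.postMessage(secret, TRUSTED_ORIGIN);

// Constructed sample events (not captured traffic).
const forged = { origin: "https://app.example.com.attacker.test", data: "<b>markup</b>" };
const genuine = { origin: TRUSTED_ORIGIN, data: "hello" };
```

In a real page the receivers would be registered with `window.addEventListener("message", ...)` and the senders would call `postMessage` on an iframe's `contentWindow` or an opened window.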
Attendees raised questions to the presenter (Source: Vozforum)
Tra Da Hacking 7 ended well: most questions were answered and the best solutions to current security issues were found. We look forward to the next technical seminars attracting more and more attention from the community and enhancing their influence. VSEC will certainly accompany Tra Da Hacking!