Mario Heiderich
19 SlideShares 0 Clipboards 483 Abonné 2 Suivis
Personal Information
Entreprise/Lieu de travail
Berlin Germany
Profession
Security Research / Penetration Testing
Site Web
cure53.de
À propos
I find bugs. Some for customers, some for fun. Some I can talk about, some I can't. Other than that I am a very simple person.
Coordonnées
Mots-clés
xss security javascript browser html5 firefox html svg xml attack phpids jsmvc angularjs obfuscation confidence opera vector detection generic chrome sandbox github clipboard office copy&paste es6 javascript ecma xss browser es2015 ecmascript dom clobbering xss security browser html css javas mvc framework innerhtml attacks scriptless xfo noscript csp xssme useragent defense images kittens es5 ids ips rbac prague vulnerability attacking developer svn css makup sql secuity web german wrmer worms xss security javascript useragent obfuscation vectors gecko trident w3c xhtml markup xxe
Tout plus
Présentations (19)
Tout voir
Generic Attack Detection - ph-Neutral 0x7d8
il y a 14 ans 1541 Vues
I thought you were my friend!
il y a 14 ans 1729 Vues
The Ultimate IDS Smackdown
il y a 13 ans 1659 Vues
JavaScript From Hell - CONFidence 2.0 2009
il y a 13 ans 21854 Vues
Web Wuermer
il y a 12 ans 1594 Vues
The Future of Web Attacks - CONFidence 2010
il y a 12 ans 2872 Vues
I thought you were my friend - Malicious Markup
il y a 12 ans 3581 Vues
HTML5 - The Good, the Bad, the Ugly
il y a 12 ans 1977 Vues
Dev and Blind - Attacking the weakest Link in IT Security
il y a 12 ans 5641 Vues
Locking the Throne Room - How ES5+ might change views on XSS and Client Side Security
il y a 11 ans 3201 Vues
The Image that called me - Active Content Injection with SVG Files
il y a 11 ans 9982 Vues
Locking the Throneroom 2.0
il y a 11 ans 6385 Vues
Scriptless Attacks - Stealing the Pie without touching the Sill
il y a 10 ans 45533 Vues
The innerHTML Apocalypse
il y a 9 ans 34590 Vues
JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks
il y a 9 ans 70202 Vues
In the DOM, no one will hear you scream
il y a 8 ans 32884 Vues
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else
il y a 7 ans 45149 Vues
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-application XSS
il y a 7 ans 29894 Vues
An Abusive Relationship with AngularJS
il y a 7 ans 129095 Vues
J’aime (1)
A XSSmas carol
cgvwzq il y a 6 ans
Présentations (19)
Tout voir
Generic Attack Detection - ph-Neutral 0x7d8
il y a 14 ans 1541 Vues
I thought you were my friend!
il y a 14 ans 1729 Vues
The Ultimate IDS Smackdown
il y a 13 ans 1659 Vues
JavaScript From Hell - CONFidence 2.0 2009
il y a 13 ans 21854 Vues
Web Wuermer
il y a 12 ans 1594 Vues
The Future of Web Attacks - CONFidence 2010
il y a 12 ans 2872 Vues
I thought you were my friend - Malicious Markup
il y a 12 ans 3581 Vues
HTML5 - The Good, the Bad, the Ugly
il y a 12 ans 1977 Vues
Dev and Blind - Attacking the weakest Link in IT Security
il y a 12 ans 5641 Vues
Locking the Throne Room - How ES5+ might change views on XSS and Client Side Security
il y a 11 ans 3201 Vues
The Image that called me - Active Content Injection with SVG Files
il y a 11 ans 9982 Vues
Locking the Throneroom 2.0
il y a 11 ans 6385 Vues
Scriptless Attacks - Stealing the Pie without touching the Sill
il y a 10 ans 45533 Vues
The innerHTML Apocalypse
il y a 9 ans 34590 Vues
JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks
il y a 9 ans 70202 Vues
In the DOM, no one will hear you scream
il y a 8 ans 32884 Vues
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else
il y a 7 ans 45149 Vues
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-application XSS
il y a 7 ans 29894 Vues
An Abusive Relationship with AngularJS
il y a 7 ans 129095 Vues
J’aime (1)
A XSSmas carol
cgvwzq il y a 6 ans