Deep Dive Into postMessage Security — by Tatiana Mikhailova
Updated: Dec 26, 2020
SINCON 2020 Conference Insights Track
Day 2 (3 Jan 2021)
@ Main Stage
In the first part of the speech, I am going to talk about the history of cross-domain communication and the purpose of the postMessage mechanism.
In the second part, I will show the security issues of the mechanism and different ways of exploiting it, including interesting tricks.
Finally, I will talk about an approach to searching for such vulnerabilities and its automation.
About Tatiana Mikhailova
TATIANA MIKHAILOVA is an information security researcher and pentester.