APPSEC Cali 2018 - Edgeguard: Client-side DOM Security - detecting malice - An Open Framework


Abstract:
“Project edgeguard” is an open framework that allows you to detect when malicious content (planted in your browser via hacking or client-side malware attacks) results in sensitive user data being stolen and transmitted to third parties (hackers, cybercrime, etc.), similar to many banking Trojans.

Injection and tampering attacks:
Malicious content can be placed within a user’s browser while they are using your web application, by virtue of a client-side security weakness/vulnerability or certain types of browser malware (e.g. Man in the Browser attacks).

Edgeguard is a “Zero-footprint” library that aims to detect exfiltration of sensitive user data from the browser.
by Rahim Jina and Eoin Keary

by Eoin Keary, Founder / CEO of edgescan.com and Rahim Jina, Chief Operating Officer of edgescan.com

Eoin is the CEO and founder of edgescan.com, a managed web vulnerability intelligence and threat detection service which is a listed “Sample vendor” and “Notable vendor” in the Gartner Application Security Hype Cycle and MQ for Managed Security Services. Eoin was previously an international board member of OWASP (2009-2015), The Open Web Application Security Project. During his time in OWASP he led the OWASP Testing Guide, founded the Security Code Review Guide, contributed to OWASP SAMM, was the original author of the CISO Survey and was a contributor to the OWASP Cheat Sheet Series. Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. Eoin was voted “OWASP Security Person of the year 2015 & 2017” and also awarded “Tech Excellence Rising Star 2016”.


Rahim is the Chief Operating Officer of edgescan™, a Security Consultancy firm and Fullstack Vulnerability Management SaaS based in Dublin, Ireland. Rahim is responsible for operational excellence and has extensive experience delivering penetration testing services to a wide range of organizations globally across many industry verticals. Prior to this, Rahim was Head of Product & Operational Security for Fonality, a VOIP provider based in Los Angeles and was also a senior security consultant for a ‘Big 4’ consultancy firm for many years. Rahim has been an OWASP (Open Web Application Security Project) contributor and volunteer since 2007 and was part of the Dublin chapter board for a number of years. Rahim graduated in 2002 from Trinity College Dublin (Ireland) with a Bachelor’s degree in Computer Science, completed an M.Sc in Security & Forensic Computing from Dublin City University (Ireland) in 2006 and has been a CISSP (Certified Information Systems Security Professional) since 2008.



Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

Reviewed by Anonymous on March 19, 2018. Rating: 5