Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gitaarwerk/svgpwnage
example code to teach obfuscated vulnerabilities in svg
https://github.com/gitaarwerk/svgpwnage
cybersecurity-awareness front-end hack javascript lesson malware obfuscation svg
Last synced: about 6 hours ago
JSON representation
example code to teach obfuscated vulnerabilities in svg
- Host: GitHub
- URL: https://github.com/gitaarwerk/svgpwnage
- Owner: gitaarwerk
- Created: 2023-10-09T10:41:02.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2023-10-24T09:39:50.000Z (about 1 year ago)
- Last Synced: 2023-10-24T10:34:00.402Z (about 1 year ago)
- Topics: cybersecurity-awareness, front-end, hack, javascript, lesson, malware, obfuscation, svg
- Language: JavaScript
- Homepage:
- Size: 6.84 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# svgpwnage
example code to teach obfuscated vulnerabilities in svg
## This example shows potential issues
1. Minified/unreadable code supplied can be harmful when the person who implements this can't understand it.
2. Trusted colleagues with bad intentions or breached
3. Third parties with bad intentions or breached
4. Sidecar injection by supplied code; intentional or unintentionally (breached) (dependancies)
5. Breached front-ends can be harder to spot than compromised systems
## Don't blame
1. Writing hacks are made to fool/hide it's malicious intent
2. It's a specialized business
3. Co-workers under pressure may not see this and may trust the coder
## To prevent large parts
1. Use CSP rules to reject sending data to unknown targets & prevent unsafe evaluation
2. Don't accept supplied minified code
3. SISO/parties involved should have a signed agreement in case of data-breaches
4. Have a small team of various experts to take a look when implementing third party code
5. Use malware scanners like Acunetix etc to find these issues