I am a Forensic Computing BSc final year student. Its time to choose my final year project. I have the following idea
-) Investigating XSHM vulnerable browsers and the security measures that can be taken to prevent it.
I have done some research, not too much information out there really as its fairly new. I know its mainly client-side languages to perform attacks on web browser and I don't mind reading/learning JavaScript. I am strong PHP coder and know C (average). Not very good at networking side though.
I am still a bit stuck after reading around on what the project can entail i.e. what to make as a deliverable, types of tests to perform using code etc. Was wondering if any experts here could advise my on a little more information about XSHM, areas I need to focus on, tools/languages I need to learn.
Thanks for any advice, would really appreciate it.
N/B my supervisor said I can take this project hes not to fussed if its either forensic or security, the main idea is to do the theory, then learn the science and apply the science.
For my proof of concept I was thinking testing an old upatched IE6 version in vm machine . Then based on findings propose other browsers I think could be vulnerable and do more tests on others.
I don't know if it helps, but check this book " The Web Application hacker's Handbook", authors Daffyd Stuttard and Marcus Pinto.
It doesn't take into deep XSHM, but it provides strong knowledge about XSS, and client side flaws. Java Script is very easy to learn, and a lot of info out there.
I am a Forensic Computing BSc final year student. Its time to choose my final year project. I have the following idea
-) Investigating XSHM vulnerability and the measures that can be taken to prevent it. (with working code examples)
Not sure how that connects with CF – shouldn't you rather be able to identify (live or post-mortem) that some web code attempted XSHM successfully (or not)?
Preventing it sounds to me like a project in web security rather than a project in computer forensics.
If you want to look at it as in computer forensics rather than security you could analyse the SQL tables as persistent XSS relies on storing the values on the server so that when a victim loads the page then they also load the script.
As said above, preventative measures would be more on the computer security side.
Thanks for replies. amended my original question post.
By the way to clear this up, my supervisor said hes not to fussed if its either forensic or security project, the main idea is to do the theory, then learn the science and apply the science.