WEB BROWSER DRIVE - BY EXPLOITS ON THE WILD

Client side exploits are the real concern of security staffs of every company worldwide. As reported by Neil Daswani, CTO and founder of Dasient, in OWASP AppSec DC conference, an incredible growth in the number of exploits against client applications versus server daemons demonstrates that the weakest link is still the end-user. Moreover, it proves to be hard to deploy a corporate wide policy to mitigate the use of, or apply patches for vulnerable applications, when a 0-day is released every other week against common applications such as Adobe Reader, Flash Player or Mozilla Firefox. The most targeted among these client applications are web browsers and their plugins. By means of drive by download exploits, botnets, easily recruit new zombies, by silently downloading and installing malware without ever rising any suspicion in the victim. These drive by exploits have become more and more complex in terms of distribution and obfuscation. Most of them involve Javascript and iFrame injection. Others involve exploitation of the latest Flash player vulnerabilities.