Overview
Explore HTML5 security vulnerabilities and attack vectors in this 50-minute conference talk from DerbyCon 2012. Dive into client-side attacks, browser support for HTML5, and the most exploitable features. Learn about the SHARK repository, environment setup, and testing HTML5 capabilities. Discover advanced techniques like DDoS attacks and browser history tampering. Gain insights on ModSecurity filtering rules and testing SHARK rules to enhance web application security.
Syllabus
Intro
Tony DeLaGrange
Jason Wood
Why Attack the Client?
HTML 5 Support in Browsers
Attacks with HTML5
Most Supported Features
HTML 5 "Cool" Features
Baaa-Dump... Baaaaa Dump...
SHARK Repository
SHARK Environment Setup
Test Drive HTML 5 Features
Some "Cool" Features
But Wait, There's More!
DDOS Attack
Browser History Tampering
Mod_Security Filtering Rules
Testing SHARK Rules