Overview
Explore the emerging security challenges posed by HTML5 in this comprehensive Black Hat USA 2012 conference talk. Delve into the enhanced browser capabilities and Rich Internet Application features of HTML5, including its implementation on mobile devices. Examine the complex technology stack comprising XMLHttpRequest, Document Object Model, Cross Origin Resource Sharing, and advanced HTML/Browser rendering. Discover new browser technologies such as localstorage, webSQL, websocket, and webworkers, which expand the attack surface for malicious actors. Learn about the top 10 HTML5 threats, including CORS attacks, ClickJacking, XSS vulnerabilities, web storage exploitation, SQL injection, web messaging injections, DOM-based attacks, third-party widget risks, WebSocket vulnerabilities, and protocol/schema/API attacks. Gain insights into stealth attack techniques and silent exploits that are difficult to detect yet highly effective in compromising systems. Understand the importance of addressing these new attack vectors in today's cybersecurity landscape and explore emerging tools and techniques for HTML5 vulnerability scanning.
Syllabus
Black Hat USA 2012 - HTML5 Top 10 Threats: Stealth Attacks & Silent Exploits
Taught by
Black Hat