Explore the security implications of HTML5 in this 51-minute conference talk by Johannes Ullrich, presented by the OWASP Foundation. Delve into the new subsystems introduced by HTML5 and their impact on web application security. Learn how features like client-side data storage and hardware sensor access can enhance session tracking and improve authentication. Examine code samples and demonstrations that highlight both positive and negative security effects. Cover topics including mobile applications, multifactor authentication, Flash cookies, surf crosstalk risks, Opera Mini, canvas fingerprinting, geolocation, face recognition, accelerometer usage, popup notifications, and cryptography. Gain insights from Ullrich's extensive experience as a research physicist and web developer, and discover how HTML5 can be leveraged as a hidden security tool chest.
HTML5 - Security Risks and Tools in Modern Web Applications
Overview
Syllabus
Introduction
What is HTML5
Mobile applications
Authentication
Multifactor
Flash Cookies
Surf Crosstalk
Risks
Opera Mini
Canvas
Interactive Login
Connect Dots
Android Pattern
Demo
Canvas Support
Mobile Devices
Geolocation
Browser fingerprinting
Face recognition
Face detection API
Supported devices
Accelerometer
Popup notifications
Crypto
How it works
Summary
Taught by
OWASP Foundation
