Presentation Material

Abstract

video

HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and able to execute Rich Internet Applications in the context of modern browser architecture. Interestingly HTML5 can run on mobile devices as well and it makes even more complicated. HTML5 is not a single technology stack but combination of various components like XMLHttpRequest (XHR), Document Object model (DOM), Cross Origin Resource Sharing (CORS) and enhanced HTML/Browser rendering. It brings several new technologies to the browser which were not seen before like localstorage, webSQL, websocket, webworkers, enhanced XHR, DOM based XPATH to name a few. It has enhanced attack surface and point of exploitations for attacker and malicious agents. By leveraging these vectors one can craft stealth attacks and silent exploits, it is hard to detect and easy to compromise. In this paper and talk we are going to walk through these new architectures, attack surface and possible threats. Here is the top 10 threats which we are going to cover in detail with real life examples and demos.

• A1 - CORS Attacks & CSRF
• A2 - ClickJacking, CORJacking and UI exploits
• A3 - XSS with HTML5 tags, attributes and events
• A4 - Web Storage and DOM information extraction
• A5 - SQLi & Blind Enumeration
• A6 - Web Messaging and Web Workers injections
• A7 - DOM based XSS with HTML5 & Messaging
• A8 - Third party/Offline HTML Widgets and Gadgets
• A9 - Web Sockets and Attacks
• A10 - Protocol/Schema/APIs attacks with HTML5

Above attack vectors and understanding will give more idea about HTML5 security concerns and required defense. It is imperative to focus on these new attack vectors and start addressing in today’s environment before attackers start leveraging these features to their advantage. We are going to see new tricks for HTML5 vulnerabilities scanning and tools.

AI Generated Summary^{may contain errors}

Here is a summarized version of the content:

The speaker discusses various security concerns related to HTML5, including:

1. Cache poisoning: HTML5’s manifest tag can inject cache into browsers, allowing cross-widget sharing and potential security threats.
2. WebSockets: The WebSocket API allows for full-duplex TCP channels, which can be exploited by malicious actors to create backdoors, shell access, port scanning botnets, and malware.
3. Protocol schema attacks: Attackers can register their own protocols, such as “mailto:”, to exploit vulnerabilities in browsers.
4. Drag-and-drop API file attacks: Various APIs, like the File API, can be exploited for malicious purposes.
5. Sticky XSS (Cross-Site Scripting): HTML5 allows for creating persistent XSS attacks that remain even after a user leaves the infected page.

The speaker demonstrates an attack vector using pushState API to change the address bar and create a sticky XSS attack. They also mention various resources, including html5rocks.com, solidhtml5days.com, and the blog of Coto, which provide information on HTML5 security concerns and protection measures.