Abstract

Browsers are escalating their feature set to accommodate new specifications like HTML 5, XHR Level 2 and DOM Level 3. It is forming the backbone of next generation applications running on mobile, PDA devices or desktops. The blend of DOM (Remote Execution stack) , XHR L2 (Sockets for injections) and HTML5 (Exploit delivery platform) is becoming easy victim for attackers and worms. We have already witnessed these types of attacks on popular sites like twitter, facebook or yahoo. It is of the essence to understand attack surface and vectors to protect next generation applications. We have enormous expansion of attack surface after inclusion of features like audio/video tags, drag/drop APIs, CSS-Opacity, localstorage, web workers, DOM selectors, Mouse gesturing, native JSON, Cross Site access controls, offline browsing etc. This extension of attack surface and exposure of server side APIs allow attacker to perform following lethal attacks and abuses.

1. XHR abuse with attacking Cross Site access controls using level 2 calls
2. JSON manipulations and poisoning
3. DOM API injections and script executions
4. Abusing HTML5 tag structure and attributes
5. Localstorage manipulation and foreign site access
6. Attacking client side sandbox architectures
7. DOM scrubbing and logical abuse
8. Browser hijacking and exploitation through advanced DOM features
9. One-way CSRF and abusing vulnerable sites
10. DOM event injections and controlling (Clickjacking)
11. Hacking widgets, mashups and social networking sites
12. Abusing client side Web 2.0 and RIA libraries

We will be covering above attacks and their variants in detail along with some real life cases and demonstrations. It is also important to understand methods of discovering these types of vulnerabilities across application base. We will see some new scanning tools and approaches to identify some of these key issues.