Hackers of India

XSS & CSRF strike back – Powered by HTML5

By  Shreeraj Shah  on 11 Oct 2012 @ Hitb Sec Conf

Abstract

HTML5 has empowered browser with a number of new features and functionalities. Browsers with this new architecture include features like XMLHttpRequest Object (L2), Local Storage, File System APIs, WebSQL, WebSocket, File APIs and many more. The browser is emerging as a platform like a little operating system and expanded its attack surface significantly. Applications developed in this new architecture are exposed to an interesting set of vulnerabilities and exploits. Both traditional vulnerabilities like CSRF and XSS strike back and powered by HTML5. In this paper we will cover following new attack vectors and variants of XSS and CSRF.

In this session we will cover new methodology and tools along with some real life cases and demonstration. At the end we will cover some interesting defense methodologies to secure your HTML5 applications.