HTML5 Zone
HTML5 Zone is brought to you in partnership with:

Krzysztof is a DZone MVB and is not an employee of DZone and has posted 17 posts at DZone. You can read more from them at their website. View Full User Profile

HTML5: Some Security Concerns

11.29.2011
| 2726 views |
  • submit to reddit

We Recommend These Resources

NOSQL for the Enterprise

Last week I had a pleasure of giving a lecture talk for HackerPraktikum (HackPra) course at Ruhr-Universität Bochum. The talk entitled HTML5: Something wicked this way comes described various HTML5 / UI redressing techniques for attacking websites & Chrome extensions. There is also some unpleasant surprise for Google Chrome to Phone users.

I've just published the slides from the talk:

 

Html5: something wicked this way comes - HackPra

Courtesy of RUB, there is also a video recording of the talk. 

 

Source: http://blog.kotowicz.net/2011/11/html5-something-wicked-this-way-comes.html

Published at DZone with permission of Krzysztof Kotowicz , author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Maven Kumar replied on Wed, 2011/11/30 - 6:55am

CORS that allows clients to securely mix resources from multiple domains, opens an attack surface on legacy servers that can't understand the corresponding requests. This enables attackers to trigger cross-domain APIs.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
"Starting from scratch" is seductive but disease ridden
-Pithy Advice for Programmers