HTML5 Zone is brought to you in partnership with:

Krzysztof is a DZone MVB and is not an employee of DZone and has posted 19 posts at DZone. You can read more from them at their website. View Full User Profile

HTML5: Some Security Concerns

  • submit to reddit

Last week I had a pleasure of giving a lecture talk for HackerPraktikum (HackPra) course at Ruhr-Universität Bochum. The talk entitled HTML5: Something wicked this way comes described various HTML5 / UI redressing techniques for attacking websites & Chrome extensions. There is also some unpleasant surprise for Google Chrome to Phone users.

I've just published the slides from the talk:


Courtesy of RUB, there is also a video recording of the talk. 



Published at DZone with permission of Krzysztof Kotowicz , author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)


Maven Kumar replied on Wed, 2011/11/30 - 6:55am

CORS that allows clients to securely mix resources from multiple domains, opens an attack surface on legacy servers that can't understand the corresponding requests. This enables attackers to trigger cross-domain APIs.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.