Nytro

Xss And Csrf With Html5 - Attack, Exploit And Defense


Description: Abstract

HTML5 has empowered browsers with a number of new features and functionalities. Browsers with this new architecture include features like XMLHttpRequest Object (L2), Local Storage, File System APIs, WebSQL, WebSocket, File APIs and many more. The browser is emerging as a platform like a little operating system and has expanded its attack surface significantly. Applications developed in this new architecture are exposed to an interesting set of vulnerabilities and exploits. Traditional vulnerabilities like CSRF and XSS can both be exploited in this new HTML5 architecture. In this talk we will cover the following new attack vectors and variants of XSS and CSRF.

HTML5 driven CSRF with XMLHttpRequest (Level 2)

CSRF with two way attack stream

Cross Site Response Extraction attacks using CSRF

Cross Origin Resource Sharing (CORS) policy hacking and CSRF injections

DOM based XSS with HTML5 applications

Exploiting HTML5 tags, attributes and events

DOM variable extraction with XSS

Exploiting Storage, File System and WebSQL with HTML5 XSS

Layered XSS and making it sticky with HTML5 based iframe sandbox

Jacking with HTML5 tags and features

In this session we will cover new methodology and tools along with some real-life cases and demonstrations. At the end we will cover some interesting defense methodologies to secure your HTML5 applications.

*****

Speaker: Shreeraj Shah

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy and iAppSecure Solution. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services and Web Hacking: Attacks and Defense. In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on SecurityFocus, InformIT, DevX, O'Reilly and HNS. His work has been quoted on BBC, Dark Reading, Bank Technology, MIT Technology Review and SecurityWeek as an expert in the area of HTML5, Web 2.0 and browser technologies and security.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source: XSS & CSRF with HTML5 - Attack, Exploit and Defense - Shreeraj Shah on Vimeo

Source: Xss And Csrf With Html5 - Attack, Exploit And Defense
