HTML5 provides web users with a rich experience through features including cross-origin communication, local storage, sandboxed iframes and WebSockets. However, to quote Voltaire, “with great power, comes great responsibility.” The features that make HTML5 powerful can also leave applications ripe for exploitation. This talk scrutinizes the top five threats that impact HTML5.
We will demonstrate specific HTML5 features that not only introduce new attack vectors, but also undo critical protection mechanisms developed in legacy applications. For instance, attackers can use these new features to bypass current clickjacking protections, render anti-CSRF protections completely useless, and find new avenues to steal sensitive user data. Attendees will learn techniques to prevent their applications from falling victim to these types of malicious tricks.
Learning objectives from this session include:
1. Live demonstrations and real-world examples highlighting incorrect usage of these features
2. Tips for secure development using HTML5 and associated technologies to build rich and safe applications
3. Tips for fortifying legacy applications impacted by HTML5-related browser enhancements
About Nidhi Shah
Nidhi Shah is a Principal Research Engineer in the Software Security Research division at HP Enterprise Security. Her main focus is staying on top of new and upcoming web technologies and evaluating them for security weaknesses. Her daily responsibilities include developing innovative and efficient ways to detect these weaknesses. In the past, Nidhi has held senior research positions at Barracuda Networks, where she was responsible for algorithms to detect and prevent the latest malware attacks. She is a published author and has spoken at top conferences including RSA USA.