HTML5 is a set of powerful features aimed at moving the web applications closer to existing desktop applications in terms of user experience and features. HTML5 is no more just the technology of the future as many believe, it is available right now in almost all modern browsers. Though the widespread use of HTML5 by websites is still a few years away, the abuse of these features is already possible. Web developers and users assume that just because their site does not implement any HTML5 features they are unaffected. Also a large section of the internet community believes that HTML5 is only about stunning graphics and video streaming. This talk will show how these assumptions are completely contrary to reality. This presentation will show how existing 'HTML4' sites can be attacked using HTML5 features in a number of interesting ways. Then we look at how it is possible to use the browser to perform attacks that were once thought to require code execution outside the sandbox. Finally we look at an attack where the attacker is not interested in the victim's data or a shell on the machine but is instead after something that might perhaps even be legal to steal!
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.