HTML5 offers 5 times better ways to hijack the website
Topics
- Introduction
- Timeline of Web Technologies
- Website Hijacking Types using HTML5
- Conclusion
Introduction
HTML5 is a newer version of HyperText Markup Language. It adds features that allow new browser capabilities, e.g. WebSQL, canvas, web workers and messaging. It offers attackers innovative ways to exploit and use these capabilities for malicious purposes.
Website Hijacking Types using HTML5
- Web Storage and DOM information extraction
- Third party/Offline HTML Widgets and Gadgets
- Web Workers injections
- CSRF Attacks
- Clickjacking
- SQL Injection
Web Storage & DOM information extraction
This allows an attacker to steal information via XSS.
Third party/Offline HTML Widgets and Gadgets
The browser's cache can be poisoned and an attacker can inject a script.
CSRF Attacks
Cross-site request forgery (CSRF) is also known as a one-click attack or session riding. CSRF exploits the trust that a site has in a user's browser.
Clickjacking
A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link.
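Clickjacking depends on the target page being rendered inside a frame on another site, so the server-side defence is an anti-framing response header. The following is an added example, not part of the original presentation: a Node.js check that decides whether a set of response headers stops cross-origin framing. The function names and the header objects passed to it are assumptions made for illustration.

```javascript
// Added example: classify a response's anti-framing headers.
// Header names are expected lower-cased, as Node's http module delivers them.

// Source list of the frame-ancestors directive in one CSP policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map(s => s.toLowerCase());
  }
  return null;
}

// True when a frame-ancestors source list lets an arbitrary site embed the page.
function allowsAnyOrigin(sources) {
  return sources.some(s => s === '*' || s === 'http:' || s === 'https:');
}

function framingProtection(headers) {
  const csp = [].concat(headers['content-security-policy'] || []);
  // Several policies can arrive comma-joined in a single header value.
  const lists = csp.flatMap(v => v.split(',')).map(frameAncestors).filter(Boolean);
  if (lists.length > 0) {
    // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
    // Every policy must allow the embedder, so one strict policy is enough.
    return lists.every(allowsAnyOrigin)
      ? { protected: false, reason: 'frame-ancestors allows any origin' }
      : { protected: true, reason: 'CSP frame-ancestors' };
  }
  const xfo = String(headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { protected: true, reason: 'X-Frame-Options ' + xfo };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    // Obsolete value that current browsers ignore, so the page stays frameable.
    return { protected: false, reason: 'X-Frame-Options ALLOW-FROM is ignored' };
  }
  if (headers['content-security-policy-report-only']) {
    return { protected: false, reason: 'report-only CSP is not enforced' };
  }
  return { protected: false, reason: 'no effective anti-framing header' };
}
```

The case worth noting is a response that sends both `X-Frame-Options: DENY` and `frame-ancestors *`: the CSP directive wins, so the page can still be framed.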
Conclusion
The security of HTML5 applications is still dependent on the skill and care with which developers create them. The increased usage of HTML5 will significantly contribute to the continued increase in web applications.