Your SlideShare is downloading. ×
Html5 offers 5 times better ways to hijack the website
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Html5 offers 5 times better ways to hijack the website

962

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
962
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Html5 offers 5 times betterways to Hijack the website
  • 2. Topics Introduction Timeline of Web Technologies Website Hijacking Types using HTML5 Conclusion
  • 3. Introduction HTML5 is newer version of HyperText Markup Language. Adds features that allow new browser capabilities. e.g WebSQL, canvas, webworker & messaging, etc. Offers innovative ways for attackers to exploit and utilize these capabilities for malicious purpose.
  • 4. Website Hijacking Types using HTML5 Web Storage and DOM information extraction Third party/Offline HTML Widgets and Gadgets Web Workers injections CSRF Attacks Clickjacking SQL Injection
  • 5. Web Storage & DOM information extraction This allows an attacker to steal information via XSS Third party/Offline HTML Widgets and Gadgets Browser’s cache can be poisoned and attacker can inject a script.
  • 6. Web Workers injections It allows threading using JavaScript. WebWorker can help in payload delivery. If the application is vulnerable to DOM-based XSS, then it is possible to inject a stealth thread in the background.
  • 7. CSRF Attacks Cross-site request forgery, also known as a one-click attack or session riding. CSRF exploits the trust that a site has in a users browser.
  • 8. CSRF Attacks
  • 9. Clickjacking A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link.
  • 10. ClickJacking
  • 11. SQL Injection
  • 12. Conclusion The security of HTML5 applications is still dependent on the skill and care with which developers create them. The increased usage of HTML5 will significantly contribute to the continued increase in web applications.
  • 13. Thank you

×