Html5 offers 5 times better ways to hijack the website
Topics Introduction Timeline of Web Technologies Website Hijacking Types using HTML5 Conclusion
Introduction HTML5 is newer version of HyperText Markup Language. Adds features that allow new browser capabilities. e.g...
Website Hijacking Types using HTML5 Web Storage and DOM information extraction Third party/Offline HTML Widgets and Gadg...
Web Storage & DOM information extraction This allows an attacker to steal information via XSS Third party/Offline HTML ...
Web Workers injections It allows threading using JavaScript. WebWorker can help in payload delivery. If the application...
CSRF Attacks Cross-site request forgery, also known as a one-click attack or session riding. CSRF exploits the trust tha...
CSRF Attacks
Clickjacking A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link.
ClickJacking
SQL Injection
Conclusion The security of HTML5 applications is still dependent on the skill and care with which developers create them....
Thank you

  1. Html5 offers 5 times better ways to hijack the website
  2. Topics: Introduction; Timeline of Web Technologies; Website Hijacking Types using HTML5; Conclusion
  3. Introduction: HTML5 is a newer version of HyperText Markup Language. It adds features that allow new browser capabilities, e.g. WebSQL, canvas, Web Workers and messaging. These capabilities offer attackers innovative ways to exploit and use them for malicious purposes.
  4. Website Hijacking Types using HTML5: Web Storage and DOM information extraction; Third party/Offline HTML Widgets and Gadgets; Web Workers injections; CSRF Attacks; Clickjacking; SQL Injection
  5. Web Storage & DOM information extraction: This allows an attacker to steal information via XSS. Third party/Offline HTML Widgets and Gadgets: The browser's cache can be poisoned and an attacker can inject a script.
  6. Web Workers injections: Web Workers allow threading using JavaScript. A Web Worker can help in payload delivery. If the application is vulnerable to DOM-based XSS, then it is possible to inject a stealth thread in the background.
  7. CSRF Attacks: Cross-site request forgery, also known as a one-click attack or session riding. CSRF exploits the trust that a site has in a user's browser.
  8. CSRF Attacks
  9. Clickjacking: A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link.
  10. Clickjacking
  11. SQL Injection
  12. Conclusion: The security of HTML5 applications is still dependent on the skill and care with which developers create them. The increased usage of HTML5 will significantly contribute to the continued increase in web applications.
  13. Thank you
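
As an added example (not part of the slide deck), the JavaScript below audits one HTTP response's headers for the browser-enforced controls that correspond to the attack classes on slide 4: framing restrictions for clickjacking, CSP script and worker sources for XSS and Web Worker injection, and cookie attributes for CSRF and session theft. The function names `parseCsp` and `auditHeaders` are hypothetical, and SQL injection is left out because no response header addresses it.

```javascript
// Added example, not the deck author's code. Header and directive names are
// the standard ones; parseCsp/auditHeaders are hypothetical helper names.
function parseCsp(value) {
  // "name src1 src2; name2 ..." -> { name: [src1, src2], ... } (first wins)
  const policy = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !(name.toLowerCase() in policy)) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

function auditHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const csp = parseCsp(h['content-security-policy'] || '');
  const findings = [];

  // Clickjacking: the response must restrict which origins may frame it.
  const xfo = String(h['x-frame-options'] || '').trim().toUpperCase();
  if (!csp['frame-ancestors'] && xfo !== 'DENY' && xfo !== 'SAMEORIGIN')
    findings.push('clickjacking: framing not restricted');

  // XSS (Web Storage / DOM extraction): script sources must be restricted.
  // Conservative: 'unsafe-inline' is flagged even if a nonce would override it.
  const scripts = csp['script-src'] || csp['default-src'];
  if (!scripts) findings.push('xss: no script-src/default-src');
  else if (scripts.includes("'unsafe-inline'") || scripts.includes('*'))
    findings.push('xss: script-src too permissive');

  // Web Worker injection: CSP3 fallback is
  // worker-src -> child-src -> script-src -> default-src.
  const workers = csp['worker-src'] || csp['child-src'] || scripts;
  if (!workers || workers.includes('*'))
    findings.push('worker: worker sources not restricted');

  // CSRF and session theft: check the attributes of every cookie being set.
  for (const cookie of [].concat(h['set-cookie'] || [])) {
    const [pair, ...attrs] = cookie.split(';').map(s => s.trim());
    const name = pair.split('=')[0];
    const lower = attrs.map(a => a.toLowerCase());
    if (!lower.some(a => a === 'samesite=lax' || a === 'samesite=strict'))
      findings.push(`csrf: cookie ${name} lacks SameSite=Lax/Strict`);
    if (!lower.includes('httponly'))
      findings.push(`xss: cookie ${name} readable by script (no HttpOnly)`);
  }
  return findings;
}
```

An empty result means none of these header-level gaps were found; it does not show the application is free of XSS or CSRF flaws in its own code.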