Top 10 HTML5 Threats and Silent Exploits by Zakirhusain Khatri


Today HTML has unveiled its new look and version, HTML5, with new features and qualities to stand up in the market, but is this newest version of HTML secure? HTML5 comes with many new tags, attributes and advanced query components for a better UI experience and quality, but it relies heavily on JavaScript for many of its features.


Presentation Transcript

    • Top 10 HTML5 Threats and Silent Exploits. Presentation by: Zakirhusain Khatri (Cyber Security Expert | Ethical Hacker | Software Engineer). www.twitter.com/zakirhusain92 | www.securewebworld.blogspot.in
    • Top 10 HTML5 Threats and Silent Exploits
    • Is HTML5 hackable? HTML5 has new features, but is it secure?
        • HTML5 brings new features and qualities, but it relies heavily on JavaScript for many of them.
        • It adds a local storage feature and allows offline database storage for applications.
        • An application or game written in HTML5 is not secure, since its source code is publicly accessible.
        • JavaScript XSS attack on Twitter
    • Classification of Threats and Silent Exploits
        • XHR and Tags
            1. CSRF with XHR and CORS bypass
            2. Jacking (Click, COR, Tabs)
            3. HTML5 driven XSS (tags, attributes, events)
        • Thick Features
            4. Attacking local storage and DOM variables
            5. Browser SQL points exploiting
            6. Injections with Web Messaging and workers
        • DOM based attacks
            7. DOM based XSS and issues
            8. Offline attacks and cross widget vectors
            9. Web socket issues
            10. API and Protocol Attacks
    • 1. CSRF with XHR and CORS bypass
        • It is possible to initiate a CSRF vector using XHR Level 2 on HTML5 pages, and it can prove to be a really lethal attack vector.
        • CORS (Cross Origin Resource Sharing) is a “blind response” technique and is controlled by an extra HTTP header, “Origin”, which allows the request to hit the target. Therefore, it is possible to do a one-way CSRF attack.
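The defensive side of slide 1, as an added example that is not part of the presentation: the server must treat the Origin header as an allow-list and must not accept a blind cross-origin POST on cookies alone. Plain Node.js; the origin, cookie name and token header are assumptions for this example.

```javascript
// Added example, not from the slides: server-side checks that stop a
// cross-origin XHR from becoming a one-way CSRF channel. Plain Node.js, no
// framework; the origin, cookie and header names are assumptions.

// Assumption: only this front-end origin may call the API with credentials.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Pull one cookie value out of a Cookie request header (null if absent).
function cookieValue(cookieHeader, name) {
  for (const part of (cookieHeader || "").split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name) return v.join("=");
  }
  return null;
}

// CORS headers for a trusted origin, or null to send none. The allow-list is
// the point: reflecting any Origin together with Allow-Credentials lets every
// site read responses that were sent with the victim's cookies.
function corsHeaders(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "Content-Type, X-CSRF-Token",
    "Vary": "Origin",
  };
}

// Decide whether a request may proceed. `headers` is the lower-cased map that
// Node's http module provides. Returns { ok, reason }.
function checkRequest(method, headers) {
  const origin = headers["origin"];
  // Browsers send Origin on every cross-origin request; an unknown one is
  // rejected even when it carries valid session cookies.
  if (origin && !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: "untrusted Origin" };
  }
  if (STATE_CHANGING.has(method)) {
    // A "simple" cross-origin POST needs no preflight and is sent blind, so
    // require a double-submit token: the X-CSRF-Token header must match the
    // csrf cookie, which a foreign page can neither read nor set.
    const token = headers["x-csrf-token"];
    if (!token || token !== cookieValue(headers["cookie"], "csrf")) {
      return { ok: false, reason: "missing or mismatched CSRF token" };
    }
  }
  return { ok: true, reason: "" };
}
```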
    • 2. Jacking (Click, COR)
        • Click Jacking is becoming a popular attack vector in current applications. Many social networking websites allow their content to be reloaded into an iframe.
        • In general, HTML5 opens up a few additional ways of performing Click Jacking.
        • Many applications run as a single DOM application. If the DOM is forced to change an underlying resource on the fly and it is replaced by a cross origin/domain resource, this causes Cross Origin Resource Jacking (COR Jacking).
    • 3. HTML5 driven XSS (tags, attributes, events)
        • All of these attributes allow JavaScript execution, and XSS and CSRF can abuse these tags.
        • Tags – media (e.g. audio/video), canvas (e.g. getImageData), buttons/commands, menu, embed, form control (e.g. keys)
        • Attributes – autofocus, manifest, form, submit, sandbox, rel etc.
        • Events/Objects – Navigation (e.g. _self), Drag-Drop APIs, editable content, pushState (e.g. History) etc.
    • 4. Attacking local storage and DOM variables
        • HTML5 comes with LocalStorage, wherein a developer can create LocalStorage for the application and store its information there.
        • LocalStorage can be accessed through JavaScript, and this allows an attacker to attack it via XSS.
        • If the application is vulnerable to a Cross Site Scripting (XSS) attack, you can imagine an attack using XSS to get a hash or session token from LocalStorage.
    • 5. Browser SQL points exploitation
        • HTML5 allows offline database storage in the form of WebSQL. This feature enhances application performance.
        • We have seen a lot of SQL injections in server side code, but now this mechanism can open up client side SQL injection attacks.
        • HTML5 has two important data points – WebSQL and Storage. They are controlled by well-defined RFCs and specifications. These APIs can be accessed using JavaScript.
    • 6. Injections with Web Messaging and workers
        • HTML5 has newly added vectors, Web Messaging and Workers. They allow threading using JavaScript. In typical Web 2.0 applications a WebWorker can help in payload delivery and exploitation.
        • Web 2.0 applications run in a single DOM; in this case, if the Web 2.0 application is vulnerable to a DOM-based XSS attack, then an attacker can monitor all activities.
        • If the DOM hosts widgets and other components, the attacker starts getting useful information.
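What a hardened Web Messaging receiver looks like for slide 6, as an added example that is not part of the presentation: the page checks the sender's origin, validates the message shape, and writes through textContent so a widget can never inject markup into the shared DOM. The trusted origin, message type and element are assumptions for this example.

```javascript
// Added example, not from the slides: a Web Messaging receiver that refuses to
// let any frame or worker inject into the page's DOM. The trusted origin,
// message shape and element are assumptions made for this example.

// Assumption: only widgets served from this origin may talk to the page.
const TRUSTED_ORIGINS = new Set(["https://widgets.example.com"]);
// Assumption: the only message type the page understands.
const ALLOWED_TYPES = new Set(["update-counter"]);

// Validate one message event ({ origin, data }, as a window "message"
// listener receives it). Returns the accepted payload or null.
function acceptMessage(event) {
  // A listener without an origin check is the injection point the slide
  // describes: any page holding a reference to this window may post to it.
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;
  // Data stays untrusted even from a trusted origin: a compromised widget
  // must not be able to deliver arbitrary strings or markup.
  const data = event.data;
  if (typeof data !== "object" || data === null) return null;
  if (!ALLOWED_TYPES.has(data.type)) return null;
  if (!Number.isInteger(data.value) || data.value < 0) return null;
  return { type: data.type, value: data.value };
}

// Render through textContent, never innerHTML, so even an accepted value
// cannot carry markup. `el` is any object with a textContent property.
function applyMessage(event, el) {
  const msg = acceptMessage(event);
  if (msg === null) return false;
  el.textContent = String(msg.value);
  return true;
}

// Browser wiring (not executed here):
//   window.addEventListener("message", (e) => applyMessage(e, counterEl));
// and the sender must name its target origin rather than "*":
//   frame.contentWindow.postMessage({ type: "update-counter", value: 3 },
//                                   "https://app.example.com");
```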
    • 7. DOM based XSS and issues
        • Browser specifications have changed in three dimensions – HTML5, DOM Level 3 and XHR Level 2 – each tightly integrated with the others.
        • With the help of XHR calls, HTML5 applications use the DOM extensively and dynamically change content.
        • Poor implementation in a web application allows DOM-based injections; DOM manipulation is done by several different DOM-based calls.
        • DOM injections can allow add-on hacking and other browser-related hacks.
    • 8. Offline attacks and cross widget vectors
        • For offline usage HTML5 supports caching pages, and this can cause security issues within the application framework.
        • A browser’s cache can be poisoned or manipulated: an attacker can inject a script or payload and then keep an eye on a particular domain.
        • <html manifest="/appcache.manifest">
        • The tag above injects a cache for offline use, and the listed pages get stored on the browser side. Widgets use Web Messaging and Workers extensively in the HTML5 framework.
    • 9. Web socket issues
        • HTML5 supports WebSocket, a feature that allows browsers to open sockets to target ports on certain IPs.
        • This method can be used by an attacker to craft an attack vector which communicates with web ports and, with restrictions, even with non-web ports.
        • WebSocket brings the following possible threats:
            • Back door and browser shell
            • Quick port scanning
            • Botnet and malware can leverage it (one to many connections)
            • Sniffer based on WebSocket
    • 10. API and Protocol Attacks
        • HTML5 also allows thick client like features inside a browser’s UI. An attacker can leverage these features to craft attack vectors.
        • With the help of drag-drop thick client APIs, an attacker can exploit self XSS, content/session extraction, forcing data into fields, etc.
        • A few other HTML5 APIs are interesting from a security standpoint:
            • File APIs – allow local file access and can be mixed with ClickJacking and other attacks to gain access to client files.
            • Drag-Drop APIs – exploiting self XSS and a few other tricks, hijacking cookies …
    • Thank you
        • In simple words, we can say that HTML5 brings easier ways of hacking and new techniques.
        • Any question or further information? Contact me. www.twitter.com/zakirhusain92 http://bit.ly/1i7tTHe