Submit Search
Upload
HTML5 hacking
•
5 likes
•
3,078 views
B
Blueinfy Solutions
Follow
This preso covers HTML5 hacking and security in detail
Read less
Read more
Technology
Report
Share
Report
Share
1 of 84
Recommended
This preso covers XPATH, LDAP and Path traversal injections.
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal Injection
Blueinfy Solutions
this preso covers CSRF, ClickJacking and Open Redirect.
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
Shreeraj Shah
Krzysztof Kotowicz - Hacking HTML5
Krzysztof Kotowicz - Hacking HTML5
DefconRussia
HTML5 introduces significant changes for today\'s websites: new and updated tags, new functionality, better error handling and improved Document Object Model (DOM). However, the HTML5 new features come with new (application) security vulnerabilities. This presentation reviews the new attack vectors, associated risks and what a needs to be taken into consideration when implementing HTML5.
Html5 Application Security
Html5 Application Security
chuckbt
This presentation covers application footprinting, assessment and enumeration techniques.
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumeration
Blueinfy Solutions
This preso covers SAST and Source Code Analysis techniques in detail.
Source Code Analysis with SAST
Source Code Analysis with SAST
Blueinfy Solutions
This presentation covers DASt/SAST and Manual testing for web applciations.
Assessment methodology and approach
Assessment methodology and approach
Blueinfy Solutions
Recommended
This preso covers XPATH, LDAP and Path traversal injections.
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal Injection
Blueinfy Solutions
this preso covers CSRF, ClickJacking and Open Redirect.
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
Shreeraj Shah
Krzysztof Kotowicz - Hacking HTML5
Krzysztof Kotowicz - Hacking HTML5
DefconRussia
HTML5 introduces significant changes for today\'s websites: new and updated tags, new functionality, better error handling and improved Document Object Model (DOM). However, the HTML5 new features come with new (application) security vulnerabilities. This presentation reviews the new attack vectors, associated risks and what a needs to be taken into consideration when implementing HTML5.
Html5 Application Security
Html5 Application Security
chuckbt
This presentation covers application footprinting, assessment and enumeration techniques.
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumeration
Blueinfy Solutions
This preso covers SAST and Source Code Analysis techniques in detail.
Source Code Analysis with SAST
Source Code Analysis with SAST
Blueinfy Solutions
This presentation covers DASt/SAST and Manual testing for web applciations.
Assessment methodology and approach
Assessment methodology and approach
Blueinfy Solutions
Html5 localstorage attack vectors
Html5 localstorage attack vectors
Shreeraj Shah
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Shreeraj Shah
HTML5 related mobile security issues and concerns.
Html5 on mobile
Html5 on mobile
Blueinfy Solutions
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
Shreeraj Shah
This preso covers Web Services Security in detail.
Web Services Hacking and Security
Web Services Hacking and Security
Blueinfy Solutions
All about HTML5 Security.
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
Shreeraj Shah
D@W REST security
D@W REST security
Gaurav Sharma
This preso covers application layer fuzzing.
Application fuzzing
Application fuzzing
Blueinfy Solutions
Mobile Security Review
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
Blueinfy Solutions
Lets Make our Web Applications Secure
Lets Make our Web Applications Secure
Lets Make our Web Applications Secure
Aryashree Pritikrishna
A short talk I gave in a get together for the Owasp UAE chapter about the top 10's A1: Injection.
Owasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
Michael Hendrickx
OWASP Top 10 vs Drupal Abstract: Drupal is the most used and well-known open source content management system in the world. Created by Dries Buytaert years ago it has grown with the support of a big community. Drupal 7 is already released and there is an entire ecosystem for Drupal and Drupal web agencies. During this presentation we will discuss the findings of an automated static code analysis of Drupal 6 and Drupal 7 and how Drupal protects against the OWASP Top 10 Application Security Risks. We will explain the security weaknesses that remain when you use Drupal and what you can implement to have a secure cloud server running Drupal.
OWASP Top 10 vs Drupal - OWASP Benelux 2012
OWASP Top 10 vs Drupal - OWASP Benelux 2012
ZIONSECURITY
Hacking browser components by Reverse Engineering is emerging as the best way for discovering potential vulnerabilities across web applications in an era of Rich Internet Applications (RIA). The RIA space is flooded with technologies like HTML 5, Flex/Flash, Silverlight, extended DOM and numerous third party libraries. Browsers are the target of hackers, worms and malware with specific scope, almost on a daily basis. We have seen exploitation of these technologies on popular sites like Facebook, Twitter, Yahoo, Google, to name a few. The traditional boundaries of web applications are disappearing. Browsers today host a substantial part of web applications including data access, business logic, encryption, etc. along with presentation layer. This shift is making browser components a potential target for hackers. The danger of poorly written browser components being
Blackhat11 shreeraj reverse_engineering_browser
Blackhat11 shreeraj reverse_engineering_browser
Shreeraj Shah
null - HasGeek - JSFoo HackNight - 03 August 2013
Secure java script-for-developers
Secure java script-for-developers
n|u - The Open Security Community
My presentation in IQPC conference "Comprehensive tour of web application attacks"
Common Web Application Attacks
Common Web Application Attacks
Ahmed Sherif
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
Vulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
Web application attack is the big topic and it changed every time. In this slide I show you some basic web attact methods. Thanks
Web application attack Presentation
Web application attack Presentation
Khoa Nguyen
XSS and CSRF with HTML5
XSS and CSRF with HTML5
Shreeraj Shah
Coomon Web Application attacks
Web application attacks
Web application attacks
hruth
This is my power point slides for the OWASP Cairo Chapter event held in (Information Technology Institute) on 16/3/2019. It's focused on SQL Injection attack, command and code injection and their mitigation, also at the last minutes in the presentation I made a demo on the blind sql injection attack using one of pentesterlab vulnerable machines.
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacks
Mohamed Talaat
Presentation on HTML5 security at OWASP Hyderabad Chapter-19th May 2012.
Html5 security
Html5 security
Krishna T
Palestra ministrada no OWASP Floripa Day - Florianópolis - SC | A palestra tem como objetivo mostrar os conceitos e funcionamento de algumas funcionalidades que foram adicionadas ao HTML5, levando em consideração os aspectos de segurança do client-side. Para as funcionalidades destacadas, foram criados cenários de ataques visando ilustrar a obtenção de informações sensíves armazenadas no browser ou até mesmo usar o browser da vítima para lançar ataques contra outros sistemas. Através da exploração das funcionalidades existentes no HTML5, técnicas de exploração como XSS e CSRF, tornam-se mais poderosas e eficientes, sendo possível em alguns casos contornar algumas restrições do Same Origin Policiy (SOP).
Building Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 Features
Conviso Application Security
More Related Content
What's hot
Html5 localstorage attack vectors
Html5 localstorage attack vectors
Shreeraj Shah
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Shreeraj Shah
HTML5 related mobile security issues and concerns.
Html5 on mobile
Html5 on mobile
Blueinfy Solutions
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
Shreeraj Shah
This preso covers Web Services Security in detail.
Web Services Hacking and Security
Web Services Hacking and Security
Blueinfy Solutions
All about HTML5 Security.
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
Shreeraj Shah
D@W REST security
D@W REST security
Gaurav Sharma
This preso covers application layer fuzzing.
Application fuzzing
Application fuzzing
Blueinfy Solutions
Mobile Security Review
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
Blueinfy Solutions
Lets Make our Web Applications Secure
Lets Make our Web Applications Secure
Lets Make our Web Applications Secure
Aryashree Pritikrishna
A short talk I gave in a get together for the Owasp UAE chapter about the top 10's A1: Injection.
Owasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
Michael Hendrickx
OWASP Top 10 vs Drupal Abstract: Drupal is the most used and well-known open source content management system in the world. Created by Dries Buytaert years ago it has grown with the support of a big community. Drupal 7 is already released and there is an entire ecosystem for Drupal and Drupal web agencies. During this presentation we will discuss the findings of an automated static code analysis of Drupal 6 and Drupal 7 and how Drupal protects against the OWASP Top 10 Application Security Risks. We will explain the security weaknesses that remain when you use Drupal and what you can implement to have a secure cloud server running Drupal.
OWASP Top 10 vs Drupal - OWASP Benelux 2012
OWASP Top 10 vs Drupal - OWASP Benelux 2012
ZIONSECURITY
Hacking browser components by Reverse Engineering is emerging as the best way for discovering potential vulnerabilities across web applications in an era of Rich Internet Applications (RIA). The RIA space is flooded with technologies like HTML 5, Flex/Flash, Silverlight, extended DOM and numerous third party libraries. Browsers are the target of hackers, worms and malware with specific scope, almost on a daily basis. We have seen exploitation of these technologies on popular sites like Facebook, Twitter, Yahoo, Google, to name a few. The traditional boundaries of web applications are disappearing. Browsers today host a substantial part of web applications including data access, business logic, encryption, etc. along with presentation layer. This shift is making browser components a potential target for hackers. The danger of poorly written browser components being
Blackhat11 shreeraj reverse_engineering_browser
Blackhat11 shreeraj reverse_engineering_browser
Shreeraj Shah
null - HasGeek - JSFoo HackNight - 03 August 2013
Secure java script-for-developers
Secure java script-for-developers
n|u - The Open Security Community
My presentation in IQPC conference "Comprehensive tour of web application attacks"
Common Web Application Attacks
Common Web Application Attacks
Ahmed Sherif
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
Vulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
Web application attack is the big topic and it changed every time. In this slide I show you some basic web attact methods. Thanks
Web application attack Presentation
Web application attack Presentation
Khoa Nguyen
XSS and CSRF with HTML5
XSS and CSRF with HTML5
Shreeraj Shah
Coomon Web Application attacks
Web application attacks
Web application attacks
hruth
This is my power point slides for the OWASP Cairo Chapter event held in (Information Technology Institute) on 16/3/2019. It's focused on SQL Injection attack, command and code injection and their mitigation, also at the last minutes in the presentation I made a demo on the blind sql injection attack using one of pentesterlab vulnerable machines.
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacks
Mohamed Talaat
What's hot
(20)
Html5 localstorage attack vectors
Html5 localstorage attack vectors
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Html5 on mobile
Html5 on mobile
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
Web Services Hacking and Security
Web Services Hacking and Security
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
D@W REST security
D@W REST security
Application fuzzing
Application fuzzing
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
Lets Make our Web Applications Secure
Lets Make our Web Applications Secure
Owasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
OWASP Top 10 vs Drupal - OWASP Benelux 2012
OWASP Top 10 vs Drupal - OWASP Benelux 2012
Blackhat11 shreeraj reverse_engineering_browser
Blackhat11 shreeraj reverse_engineering_browser
Secure java script-for-developers
Secure java script-for-developers
Common Web Application Attacks
Common Web Application Attacks
Vulnerabilities in modern web applications
Vulnerabilities in modern web applications
Web application attack Presentation
Web application attack Presentation
XSS and CSRF with HTML5
XSS and CSRF with HTML5
Web application attacks
Web application attacks
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacks
Similar to HTML5 hacking
Presentation on HTML5 security at OWASP Hyderabad Chapter-19th May 2012.
Html5 security
Html5 security
Krishna T
Palestra ministrada no OWASP Floripa Day - Florianópolis - SC | A palestra tem como objetivo mostrar os conceitos e funcionamento de algumas funcionalidades que foram adicionadas ao HTML5, levando em consideração os aspectos de segurança do client-side. Para as funcionalidades destacadas, foram criados cenários de ataques visando ilustrar a obtenção de informações sensíves armazenadas no browser ou até mesmo usar o browser da vítima para lançar ataques contra outros sistemas. Através da exploração das funcionalidades existentes no HTML5, técnicas de exploração como XSS e CSRF, tornam-se mais poderosas e eficientes, sendo possível em alguns casos contornar algumas restrições do Same Origin Policiy (SOP).
Building Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 Features
Conviso Application Security
Hacking HTML5 offensive course (Zeronights edition)
Hacking HTML5 offensive course (Zeronights edition)
Krzysztof Kotowicz
Presentation for the Devnology Community Back to School program at the Radboud University Nijmegen
The top 10 security issues in web applications
The top 10 security issues in web applications
Devnology
This talk is a generic but comprehensive overview of security mechanism, controls and potential attacks in modern browsers. The talk focuses also on new technologies, such as HTML5 and related APIs to highlight new attack scenario against browsers.
Browser Security
Browser Security
Roberto Suggi Liverani
Presentation on Web security
Web Exploitation Security
Web Exploitation Security
Aman Singh
How to securely use Json Web tokens (JWTs) in a browser environment, and how to securely store them in cookies.
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
robertjd
Romulus project OWASP presentation. More info at: http://www.ict-romulus.eu/
Romulus OWASP
Romulus OWASP
Grupo Gesfor I+D+i
Cos 432 web_security
Cos 432 web_security
Michael Freyberger
Presentation that shows how bruteforcing is still being used for exploiting web application vulnerabilities.
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
Christian Martorella
Pentesting web applications
Pentesting web applications
Satish b
ColdFusion_Code_Security_Best_Practices_NCDevCon_2015
ColdFusion_Code_Security_Best_Practices_NCDevCon_2015
Denard Springle IV
Often, web developers keep hearing about "Same Origin Policy (SOP)" of browsers but live with half-knowledge or with several confusions. This session attempts to clear the misconceptions of SOP.
Browser Internals-Same Origin Policy
Browser Internals-Same Origin Policy
Krishna T
Slides for the teaching the BurpSuite
Burp suite
Burp suite
Yashar Shahinzadeh
Vulnerabilities on Various Data Processing Levels
Vulnerabilities on Various Data Processing Levels
Positive Hack Days
Presentation at PodCamp New Hampshire 2009 A "dim sum" (light sampling) of core technologies which everyone who considers themselves a "technocrat" should have some understanding and appreciation. Since there's a lot to cover, each topic will move pretty quickly, keeping the descriptions at a conceptual level.
12 core technologies you should learn, love, and hate to be a 'real' technocrat
12 core technologies you should learn, love, and hate to be a 'real' technocrat
linoj
Vulnerabilities in data processing levels
Vulnerabilities in data processing levels
beched
Questions? email me, mimeframe ^at^ gmail ^dot^ com
ruxc0n 2012
ruxc0n 2012
mimeframe
Covering top web attacks ...
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
Shreeraj Shah
This presentation gives idea about HTTP protocol and various steams like JSON, XML, Ajax etc.
HTTP protocol and Streams Security
HTTP protocol and Streams Security
Blueinfy Solutions
Similar to HTML5 hacking
(20)
Html5 security
Html5 security
Building Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 Features
Hacking HTML5 offensive course (Zeronights edition)
Hacking HTML5 offensive course (Zeronights edition)
The top 10 security issues in web applications
The top 10 security issues in web applications
Browser Security
Browser Security
Web Exploitation Security
Web Exploitation Security
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
Romulus OWASP
Romulus OWASP
Cos 432 web_security
Cos 432 web_security
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
Pentesting web applications
Pentesting web applications
ColdFusion_Code_Security_Best_Practices_NCDevCon_2015
ColdFusion_Code_Security_Best_Practices_NCDevCon_2015
Browser Internals-Same Origin Policy
Browser Internals-Same Origin Policy
Burp suite
Burp suite
Vulnerabilities on Various Data Processing Levels
Vulnerabilities on Various Data Processing Levels
12 core technologies you should learn, love, and hate to be a 'real' technocrat
12 core technologies you should learn, love, and hate to be a 'real' technocrat
Vulnerabilities in data processing levels
Vulnerabilities in data processing levels
ruxc0n 2012
ruxc0n 2012
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
HTTP protocol and Streams Security
HTTP protocol and Streams Security
More from Blueinfy Solutions
Mobile AppSec Review
Mobile Application Scan and Testing
Mobile Application Scan and Testing
Blueinfy Solutions
Mobile Security Review
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
iOS App testing
iOS Application Security Testing
iOS Application Security Testing
Blueinfy Solutions
Securing Android Apps.
Android secure coding
Android secure coding
Blueinfy Solutions
Android based attacks and testing.
Android attacks
Android attacks
Blueinfy Solutions
DeepSec 2013
Automation In Android & iOS Application Review