ciso-platform-annual-summit-2013-5 implications of html5 on security by mherfurt


Presented by Martin Herfurt at CISO Platform Annual Summit, 2013. Martin did a lot of work in the field of Bluetooth Security when he founded the trifinite.group in 2004. Currently, he is working for the German IT-Security firm n.runs professionals along with managing his new venture, toothR.


  1. 5 Implications of HTML5 on Security
     © 2013, n.runs professionals GmbH – Security Research Team, Martin Herfurt
  2. HTML5 Specification
     • Started in the beginning of 2007
     • Still an ongoing effort
  3. New Vectors For XSS
     • New tags for hiding JavaScript
       – Tag for Scalable Vector Graphics (SVG)
       – video
     • Autofocus attribute
       – Automatic code execution with ‘onfocus’
  4. Resident XSS
     • Remains in Browser
     • Code is persistently held in local storage
     • Artur Janc implemented Browser Rootkit
     • Malicious manipulations cannot be detected by Web application
     • Possibility for XSS worms
  5. Cross Origin Requests
     • Allows resource sharing
     • Circumvents SOP
     • New Server has to send header:
       – Access-Control-Allow-Origin: <name>
       – …
     • Allows network scanning
       – Based on response code/timing
  6. WebSockets
     • Bi-directional connections
     • Can circumvent SOP (with tricks)
     • Can be used for network scans
  7. Web Workers
     • Sandboxed background execution for JavaScript
     • Malicious code
       – Exhaust resources
  8. Storage
     • Local Storage
       – 5-10MB depending on Browser
     • Session Storage
       – 5-10MB depending on Browser
     • WebSQL
       – Similar attack vectors as usual SQL (injections)
     • Application Cache
       – Offline availability for certain files
     • Access permission based on SOP
  9. Thank You
     http://blog.nruns.com/
     Martin Herfurt (n.runs professionals GmbH)
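
Slide 5 notes that a server opts in to cross-origin reads by sending `Access-Control-Allow-Origin`. The following is an added example (not from the slides) of a server choosing that header from an exact-match allowlist rather than echoing the request's `Origin`; the origins and the function names `parseOrigin` and `corsHeaders` are constructed for illustration.

```javascript
// Added example: the allowlisted origins are constructed for illustration.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Normalise an Origin header value to scheme://host[:port]. Returns null if
// it is not a well-formed http(s) origin; the literal "null" origin sent by
// sandboxed frames and file: pages is rejected here as well.
function parseOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // A real Origin header carries no path, query, fragment or credentials.
  if (url.origin !== value.toLowerCase()) return null;
  return url.origin;
}

// Build the CORS response headers for one request. When the origin is not
// allowlisted no Access-Control-* header is returned, so the browser's
// same-origin policy keeps blocking the cross-origin read.
function corsHeaders(originHeader, { credentials = false } = {}) {
  // Vary is always sent so shared caches never reuse one origin's answer.
  const headers = { Vary: "Origin" };
  const origin = parseOrigin(originHeader);
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) return headers;
  // Exact set membership, not a prefix/suffix or regex test, and never "*".
  headers["Access-Control-Allow-Origin"] = origin;
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Constructed sample requests: an allowlisted origin, a look-alike host
// that a suffix or startsWith check would wrongly accept, and "null".
for (const o of [
  "https://app.example.com",
  "https://app.example.com.evil.test",
  "null",
]) {
  console.log(o, "->", JSON.stringify(corsHeaders(o)));
}
```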
