SlideShare a Scribd company logo

Html5

Download as PPT, PDF
Satish Govindappa
Satish Govindappa

Html5 security issues and its existance

Technology
1 of 29
n|u HTML 5
n|u Structure Session 1 Introduction HTML 5 Basics Session 2 What’s inn for me ….Developer ? Session 3 What’s inn for me …. Ethical Hacker ? Session 4 What’s inn for me …. Code reviewer/ Webtesting ?
n|u  New Standard for HTML  work in progress..  Supported Browsers
n|u
n|u Objective  New Feature - HTML, CSS, DOM, and JavaScript  Error handling  Markup vs Scripting  Independence How it all Started? W3C & WHATWG(WebHypertext Application Technology Working Group )
n|u
n|u http://www.youtube.com/watch?v=mzPxo7Y6JyA
n|uDeveloper Point of view
n|uHTML5 - New Features  Drag and Drop  <canvas> vs SVG  HTML5 Geolocation  Webforms 2.0  local storage & session storage  HTML5 Cache  Web sockets  Webworkers  Server Sent events
n|u What is SVG? Vector based graphics  Resolution independence  W3C recommendation  Dom Based What is Canvas?  Speed  Text rendering capabilities  Graphics quality – Max and Min  Animation and accessibility support Graphics
n|u Core methods  openDatabase  transaction  executeSql Operations  Read  Insert Web SQL
n|u Types  Session  local Operations  CPU Utilization  Threads  Terminate  Import scripts Web Storage Web Workers
n|uWhat’s in for Ethical Hacker
n|uAttack vectors
n|u  XHR and Tags CSRF, Click jacking, XSS  Thick Features Exploiting browser SQL ports, SQLi with web workers and messaging  DOM Dom based XSS Protocol attacks Attack vectors
n|uSame origin policy access of one window to another same protocol://domain:port multiple subdomains Bypass methods Document.domain property Cross-Origin Resource Sharing Cross-document messaging
n|u • API • Site a.com - Site b.com Text only Access-Control-Allow-Origin: http://hello-world.example • XMLHttpRequest - Site a.com to b.com var client = new XMLHttpRequest() client.open("GET", "http://www.a.com/hello") client.onreadystatechange = function() { /* do something */ } client.send() CORS • HTTP Request Access-Control-Request-Method (preflight) Access-Control-Request-Headers (preflight) • HTTP Response Access-Control-Allow-Origin Access-Control-Allow-Credentials Access-Control-Allow-Expose-Headers Access-Control-Allow-Max-Age (preflight) Access-Control-Allow-Allow-Methods (preflight) Access-Control-Allow-Allow-Headers (preflight)
n|u
n|u • API • Requests directly to a web server and load the server response data directly back into the script • XMLHttpRequest - Site a.com to b.com var client = new XMLHttpRequest() client.open("GET", "http://www.a.com/hello") client.onreadystatechange = function() { /* do something */ } client.send() XHR
n|uSand Box • Sandbox is a security mechanism for separating running programs • Execute un verified code • Untrusted users and untrusted websites • Thirdparty scripts • Code Snippet <iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="https://platform.twitter.com/widgets/tweet_button.html" style="border: 0; width:130px; height:20px;"></iframe>
n|u
n|u
n|uWhat’s in for Security Tester
n|u
n|u
n|u
n|u
n|u
n|u

Recommended

Vlad zelinschi optimizing the critical rendering path
Vlad zelinschi optimizing the critical rendering pathVlad zelinschi optimizing the critical rendering path
Vlad zelinschi optimizing the critical rendering pathCodecamp Romania
 
Browserscope oscon 2011
Browserscope oscon 2011Browserscope oscon 2011
Browserscope oscon 2011lsimon
 
Go With The Reflow
Go With The ReflowGo With The Reflow
Go With The Reflowlsimon
 
Progressive web applications
Progressive web applicationsProgressive web applications
Progressive web applicationsTom Martin
 
Announcing StencilJS
Announcing StencilJSAnnouncing StencilJS
Announcing StencilJSChris Griffith
 
Javascript evolution
Javascript evolutionJavascript evolution
Javascript evolutionvinukumar_vs
 
Cetpa dotnet taining
Cetpa dotnet tainingCetpa dotnet taining
Cetpa dotnet tainingsharmamohan13989
 
Jayway Web Tech Radar 2015
Jayway Web Tech Radar 2015Jayway Web Tech Radar 2015
Jayway Web Tech Radar 2015Gustaf Nilsson Kotte
 

Recommended

Vlad zelinschi optimizing the critical rendering path
Vlad zelinschi optimizing the critical rendering pathVlad zelinschi optimizing the critical rendering path
Vlad zelinschi optimizing the critical rendering pathCodecamp Romania
 
Browserscope oscon 2011
Browserscope oscon 2011Browserscope oscon 2011
Browserscope oscon 2011lsimon
 
Go With The Reflow
Go With The ReflowGo With The Reflow
Go With The Reflowlsimon
 
Progressive web applications
Progressive web applicationsProgressive web applications
Progressive web applicationsTom Martin
 
Announcing StencilJS
Announcing StencilJSAnnouncing StencilJS
Announcing StencilJSChris Griffith
 
Javascript evolution
Javascript evolutionJavascript evolution
Javascript evolutionvinukumar_vs
 
Cetpa dotnet taining
Cetpa dotnet tainingCetpa dotnet taining
Cetpa dotnet tainingsharmamohan13989
 
Jayway Web Tech Radar 2015
Jayway Web Tech Radar 2015Jayway Web Tech Radar 2015
Jayway Web Tech Radar 2015Gustaf Nilsson Kotte
 
Windows communication foundation (part1) jaliya udagedara
Windows communication foundation (part1) jaliya udagedaraWindows communication foundation (part1) jaliya udagedara
Windows communication foundation (part1) jaliya udagedaraJaliya Udagedara
 
Handling scale on AWS
Handling scale on AWSHandling scale on AWS
Handling scale on AWSDavid Ilievsky
 
Web assembly: a brief overview
Web assembly: a brief overviewWeb assembly: a brief overview
Web assembly: a brief overviewPavlo Iatsiuk
 
Drupal and communication
Drupal and communicationDrupal and communication
Drupal and communicationPeter Arato
 
Javascript debugging
Javascript debuggingJavascript debugging
Javascript debuggingaudiodog
 
Super quick introduction to html5
Super quick introduction to html5Super quick introduction to html5
Super quick introduction to html5Woody Pewitt
 
Busy Developers Guide to AngularJS (Tiberiu Covaci)
Busy Developers Guide to AngularJS (Tiberiu Covaci)Busy Developers Guide to AngularJS (Tiberiu Covaci)
Busy Developers Guide to AngularJS (Tiberiu Covaci)ITCamp
 
Using html5 to build offline applications
Using html5 to build offline applicationsUsing html5 to build offline applications
Using html5 to build offline applicationsWoody Pewitt
 
Wcf remaining
Wcf remainingWcf remaining
Wcf remainingshamsher ali
 
Ficha de monitoreo de coordinaciones elena
Ficha de monitoreo de coordinaciones elenaFicha de monitoreo de coordinaciones elena
Ficha de monitoreo de coordinaciones elenaCebe De San Martín
 
Всесвітній день боротьби зі СНІДом
Всесвітній день боротьби зі СНІДом Всесвітній день боротьби зі СНІДом
Всесвітній день боротьби зі СНІДом Татьяня Татьяна
 
09 e02 ch09e day 2
09 e02 ch09e day 209 e02 ch09e day 2
09 e02 ch09e day 2festivalelmo
 
Shakeel cv
Shakeel cvShakeel cv
Shakeel cvshakeel ahmed saifee
 
Alamat suratkpp
Alamat suratkppAlamat suratkpp
Alamat suratkppindra_darmawan
 
Evaluation Task 6
Evaluation Task 6Evaluation Task 6
Evaluation Task 6keziahmiller
 
Calculus volume 1
Calculus volume 1Calculus volume 1
Calculus volume 1VICTOR PRINCE-DATEME
 
0308 ch 3 day 8
0308 ch 3 day 80308 ch 3 day 8
0308 ch 3 day 8festivalelmo
 
carta_recomendación_Noel
carta_recomendación_Noelcarta_recomendación_Noel
carta_recomendación_NoelNoel Lembke
 
AXELOS
AXELOSAXELOS
AXELOSHenrique Guimaraes
 
Metasploit with sholay kick
Metasploit with sholay kickMetasploit with sholay kick
Metasploit with sholay kickSatish Govindappa
 
Trabajo 1 segundo básico
Trabajo 1 segundo básico Trabajo 1 segundo básico
Trabajo 1 segundo básico Russell Tellez
 
2° básico 4 unidad - 4° tarea
2° básico 4 unidad - 4° tarea2° básico 4 unidad - 4° tarea
2° básico 4 unidad - 4° tareaRussell Tellez
 

More Related Content

What's hot

Windows communication foundation (part1) jaliya udagedara
Windows communication foundation (part1) jaliya udagedaraWindows communication foundation (part1) jaliya udagedara
Windows communication foundation (part1) jaliya udagedaraJaliya Udagedara
 
Web assembly: a brief overview
Web assembly: a brief overviewWeb assembly: a brief overview
Web assembly: a brief overviewPavlo Iatsiuk
 
Drupal and communication
Drupal and communicationDrupal and communication
Drupal and communicationPeter Arato
 
Javascript debugging
Javascript debuggingJavascript debugging
Javascript debuggingaudiodog
 
Super quick introduction to html5
Super quick introduction to html5Super quick introduction to html5
Super quick introduction to html5Woody Pewitt
 
Busy Developers Guide to AngularJS (Tiberiu Covaci)
Busy Developers Guide to AngularJS (Tiberiu Covaci)Busy Developers Guide to AngularJS (Tiberiu Covaci)
Busy Developers Guide to AngularJS (Tiberiu Covaci)ITCamp
 
Using html5 to build offline applications
Using html5 to build offline applicationsUsing html5 to build offline applications
Using html5 to build offline applicationsWoody Pewitt
 

What's hot (9)

Windows communication foundation (part1) jaliya udagedara
Windows communication foundation (part1) jaliya udagedaraWindows communication foundation (part1) jaliya udagedara
Windows communication foundation (part1) jaliya udagedara
 
Handling scale on AWS
Handling scale on AWSHandling scale on AWS
Handling scale on AWS
 
Web assembly: a brief overview
Web assembly: a brief overviewWeb assembly: a brief overview
Web assembly: a brief overview
 
Drupal and communication
Drupal and communicationDrupal and communication
Drupal and communication
 
Javascript debugging
Javascript debuggingJavascript debugging
Javascript debugging
 
Super quick introduction to html5
Super quick introduction to html5Super quick introduction to html5
Super quick introduction to html5
 
Busy Developers Guide to AngularJS (Tiberiu Covaci)
Busy Developers Guide to AngularJS (Tiberiu Covaci)Busy Developers Guide to AngularJS (Tiberiu Covaci)
Busy Developers Guide to AngularJS (Tiberiu Covaci)
 
Using html5 to build offline applications
Using html5 to build offline applicationsUsing html5 to build offline applications
Using html5 to build offline applications
 
Wcf remaining
Wcf remainingWcf remaining
Wcf remaining
 

Viewers also liked

Ficha de monitoreo de coordinaciones elena
Ficha de monitoreo de coordinaciones elenaFicha de monitoreo de coordinaciones elena
Ficha de monitoreo de coordinaciones elenaCebe De San Martín
 
Всесвітній день боротьби зі СНІДом
Всесвітній день боротьби зі СНІДом Всесвітній день боротьби зі СНІДом
Всесвітній день боротьби зі СНІДом Татьяня Татьяна
 
09 e02 ch09e day 2
09 e02 ch09e day 209 e02 ch09e day 2
09 e02 ch09e day 2festivalelmo
 
carta_recomendación_Noel
carta_recomendación_Noelcarta_recomendación_Noel
carta_recomendación_NoelNoel Lembke
 
Trabajo 1 segundo básico
Trabajo 1 segundo básico Trabajo 1 segundo básico
Trabajo 1 segundo básico Russell Tellez
 
2° básico 4 unidad - 4° tarea
2° básico 4 unidad - 4° tarea2° básico 4 unidad - 4° tarea
2° básico 4 unidad - 4° tareaRussell Tellez
 
Surface mine paperwork audit template
Surface mine paperwork audit templateSurface mine paperwork audit template
Surface mine paperwork audit templateSB Safety Docs, LLC
 
Saikishore Selenium3 years exp resume
Saikishore Selenium3 years exp resumeSaikishore Selenium3 years exp resume
Saikishore Selenium3 years exp resumeSaiKishore Balagani
 
Industrial training report (submitted by shaloo mishra)
Industrial training report (submitted by shaloo mishra)Industrial training report (submitted by shaloo mishra)
Industrial training report (submitted by shaloo mishra)Sajid Hussain
 

Viewers also liked (17)

Ficha de monitoreo de coordinaciones elena
Ficha de monitoreo de coordinaciones elenaFicha de monitoreo de coordinaciones elena
Ficha de monitoreo de coordinaciones elena
 
Всесвітній день боротьби зі СНІДом
Всесвітній день боротьби зі СНІДом Всесвітній день боротьби зі СНІДом
Всесвітній день боротьби зі СНІДом
 
09 e02 ch09e day 2
09 e02 ch09e day 209 e02 ch09e day 2
09 e02 ch09e day 2
 
Shakeel cv
Shakeel cvShakeel cv
Shakeel cv
 
Alamat suratkpp
Alamat suratkppAlamat suratkpp
Alamat suratkpp
 
Evaluation Task 6
Evaluation Task 6Evaluation Task 6
Evaluation Task 6
 
Calculus volume 1
Calculus volume 1Calculus volume 1
Calculus volume 1
 
0308 ch 3 day 8
0308 ch 3 day 80308 ch 3 day 8
0308 ch 3 day 8
 
carta_recomendación_Noel
carta_recomendación_Noelcarta_recomendación_Noel
carta_recomendación_Noel
 
AXELOS
AXELOSAXELOS
AXELOS
 
Metasploit with sholay kick
Metasploit with sholay kickMetasploit with sholay kick
Metasploit with sholay kick
 
Trabajo 1 segundo básico
Trabajo 1 segundo básico Trabajo 1 segundo básico
Trabajo 1 segundo básico
 
2° básico 4 unidad - 4° tarea
2° básico 4 unidad - 4° tarea2° básico 4 unidad - 4° tarea
2° básico 4 unidad - 4° tarea
 
Surface mine paperwork audit template
Surface mine paperwork audit templateSurface mine paperwork audit template
Surface mine paperwork audit template
 
1114 ch 11 day 14
1114 ch 11 day 141114 ch 11 day 14
1114 ch 11 day 14
 
Saikishore Selenium3 years exp resume
Saikishore Selenium3 years exp resumeSaikishore Selenium3 years exp resume
Saikishore Selenium3 years exp resume
 
Industrial training report (submitted by shaloo mishra)
Industrial training report (submitted by shaloo mishra)Industrial training report (submitted by shaloo mishra)
Industrial training report (submitted by shaloo mishra)
 

Similar to Html5

How To Implement a CMS
How To Implement a CMSHow To Implement a CMS
How To Implement a CMSJonathan Smith
 
Using communication and messaging API in the HTML5 world - GIl Fink, sparXsys
Using communication and messaging API in the HTML5 world - GIl Fink, sparXsysUsing communication and messaging API in the HTML5 world - GIl Fink, sparXsys
Using communication and messaging API in the HTML5 world - GIl Fink, sparXsysCodemotion Tel Aviv
 
HTML5: An Overview
HTML5: An OverviewHTML5: An Overview
HTML5: An OverviewNagendra Um
 
The Web, After HTML5
The Web, After HTML5The Web, After HTML5
The Web, After HTML5Jonathan Jeon
 
Cape Cod Web Technology Meetup - 2
Cape Cod Web Technology Meetup - 2Cape Cod Web Technology Meetup - 2
Cape Cod Web Technology Meetup - 2Asher Martin
 
Cloud Computing in Systems Programming Curriculum
Cloud Computing in Systems Programming CurriculumCloud Computing in Systems Programming Curriculum
Cloud Computing in Systems Programming CurriculumSteven Miller
 
HWIOS Websocket CMS explained
HWIOS Websocket CMS explainedHWIOS Websocket CMS explained
HWIOS Websocket CMS explainedphrearch
 
Crash Course HTML/Rails Slides
Crash Course HTML/Rails SlidesCrash Course HTML/Rails Slides
Crash Course HTML/Rails SlidesUdita Plaha
 
WEB DEVELOPMENT.pptx
WEB DEVELOPMENT.pptxWEB DEVELOPMENT.pptx
WEB DEVELOPMENT.pptxsilvers5
 
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...Sencha
 
Social Photos - My presentation at Microsoft Tech Day
Social Photos - My presentation at Microsoft Tech DaySocial Photos - My presentation at Microsoft Tech Day
Social Photos - My presentation at Microsoft Tech DayTechMaster Vietnam
 

Similar to Html5 (20)

025444215.pptx
025444215.pptx025444215.pptx
025444215.pptx
 
Html5 for beginners
Html5 for beginnersHtml5 for beginners
Html5 for beginners
 
How To Implement a CMS
How To Implement a CMSHow To Implement a CMS
How To Implement a CMS
 
25444215.pptx
25444215.pptx25444215.pptx
25444215.pptx
 
web development
web developmentweb development
web development
 
Using communication and messaging API in the HTML5 world - GIl Fink, sparXsys
Using communication and messaging API in the HTML5 world - GIl Fink, sparXsysUsing communication and messaging API in the HTML5 world - GIl Fink, sparXsys
Using communication and messaging API in the HTML5 world - GIl Fink, sparXsys
 
HTML5: An Overview
HTML5: An OverviewHTML5: An Overview
HTML5: An Overview
 
The Web, After HTML5
The Web, After HTML5The Web, After HTML5
The Web, After HTML5
 
Html5 more than just html5 v final
Html5 more than just html5 v finalHtml5 more than just html5 v final
Html5 more than just html5 v final
 
Cape Cod Web Technology Meetup - 2
Cape Cod Web Technology Meetup - 2Cape Cod Web Technology Meetup - 2
Cape Cod Web Technology Meetup - 2
 
Cloud Computing in Systems Programming Curriculum
Cloud Computing in Systems Programming CurriculumCloud Computing in Systems Programming Curriculum
Cloud Computing in Systems Programming Curriculum
 
HWIOS Websocket CMS explained
HWIOS Websocket CMS explainedHWIOS Websocket CMS explained
HWIOS Websocket CMS explained
 
Crash Course HTML/Rails Slides
Crash Course HTML/Rails SlidesCrash Course HTML/Rails Slides
Crash Course HTML/Rails Slides
 
WEB DEVELOPMENT.pptx
WEB DEVELOPMENT.pptxWEB DEVELOPMENT.pptx
WEB DEVELOPMENT.pptx
 
web development
web developmentweb development
web development
 
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
 
Html 5
Html 5Html 5
Html 5
 
Advanced JavaScript
Advanced JavaScriptAdvanced JavaScript
Advanced JavaScript
 
Social Photos - My presentation at Microsoft Tech Day
Social Photos - My presentation at Microsoft Tech DaySocial Photos - My presentation at Microsoft Tech Day
Social Photos - My presentation at Microsoft Tech Day
 
Transforming the web into a real application platform
Transforming the web into a real application platformTransforming the web into a real application platform
Transforming the web into a real application platform
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Html5

  • 2. n|u Structure Session 1 Introduction HTML 5 Basics Session 2 What’s inn for me ….Developer ? Session 3 What’s inn for me …. Ethical Hacker ? Session 4 What’s inn for me …. Code reviewer/ Webtesting ?
  • 3. n|u  New Standard for HTML  work in progress..  Supported Browsers
  • 4. n|u
  • 5. n|u Objective  New Feature - HTML, CSS, DOM, and JavaScript  Error handling  Markup vs Scripting  Independence How it all Started? W3C & WHATWG(WebHypertext Application Technology Working Group )
  • 6. n|u
  • 9. n|uHTML5 - New Features  Drag and Drop  <canvas> vs SVG  HTML5 Geolocation  Webforms 2.0  local storage & session storage  HTML5 Cache  Web sockets  Webworkers  Server Sent events
  • 10. n|u What is SVG? Vector based graphics  Resolution independence  W3C recommendation  Dom Based What is Canvas?  Speed  Text rendering capabilities  Graphics quality – Max and Min  Animation and accessibility support Graphics
  • 11. n|u Core methods  openDatabase  transaction  executeSql Operations  Read  Insert Web SQL
  • 12. n|u Types  Session  local Operations  CPU Utilization  Threads  Terminate  Import scripts Web Storage Web Workers
  • 13. n|uWhat’s in for Ethical Hacker
  • 15. n|u  XHR and Tags CSRF, Click jacking, XSS  Thick Features Exploiting browser SQL ports, SQLi with web workers and messaging  DOM Dom based XSS Protocol attacks Attack vectors
  • 16. n|uSame origin policy access of one window to another same protocol://domain:port multiple subdomains Bypass methods Document.domain property Cross-Origin Resource Sharing Cross-document messaging
  • 17. n|u • API • Site a.com - Site b.com Text only Access-Control-Allow-Origin: http://hello-world.example • XMLHttpRequest - Site a.com to b.com var client = new XMLHttpRequest() client.open("GET", "http://www.a.com/hello") client.onreadystatechange = function() { /* do something */ } client.send() CORS • HTTP Request Access-Control-Request-Method (preflight) Access-Control-Request-Headers (preflight) • HTTP Response Access-Control-Allow-Origin Access-Control-Allow-Credentials Access-Control-Allow-Expose-Headers Access-Control-Allow-Max-Age (preflight) Access-Control-Allow-Allow-Methods (preflight) Access-Control-Allow-Allow-Headers (preflight)
  • 18. n|u
  • 19. n|u • API • Requests directly to a web server and load the server response data directly back into the script • XMLHttpRequest - Site a.com to b.com var client = new XMLHttpRequest() client.open("GET", "http://www.a.com/hello") client.onreadystatechange = function() { /* do something */ } client.send() XHR
  • 20. n|uSand Box • Sandbox is a security mechanism for separating running programs • Execute un verified code • Untrusted users and untrusted websites • Thirdparty scripts • Code Snippet <iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="https://platform.twitter.com/widgets/tweet_button.html" style="border: 0; width:130px; height:20px;"></iframe>
  • 21. n|u
  • 22. n|u
  • 23. n|uWhat’s in for Security Tester
  • 24. n|u
  • 25. n|u
  • 26. n|u
  • 27. n|u
  • 28. n|u
  • 29. n|u

Editor's Notes

  1. What is Canvas? The HTML5 &amp;lt;canvas&amp;gt; element is used to draw graphics, on the fly, via scripting (usually JavaScript). The &amp;lt;canvas&amp;gt; element is only a container for graphics. You must use a script to actually draw the graphics. Canvas has several methods for drawing paths, boxes, circles, characters, and adding images. What is SVG? SVG stands for Scalable Vector Graphics SVG is used to define vector-based graphics for the Web SVG defines the graphics in XML format SVG graphics do NOT lose any quality if they are zoomed or resized Every element and every attribute in SVG files can be animated SVG is a W3C recommendation
  2. Same origin policy The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number[1] – to access each other&amp;apos;s methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.[1] Same origin policy also applies to XMLHttpRequest and to robots.txt.[2] CORS - Cross origin resource sharing http://example.org resources, a resource on http://hello-world.example can opt in using the mechanism described by this specification (e.g., specifying Access-Control-Allow-Origin: http://example.org as response header), which would allow that resource to be fetched cross-origin from http://example.org. XMLHttpRequest (XHR) is an API available in web browser scripting languages such as JavaScript. It is used to send HTTP or HTTPS requests directly to a web server and load the server response data directly back into the script
  3. Same origin policy The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number[1] – to access each other&amp;apos;s methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.[1] Same origin policy also applies to XMLHttpRequest and to robots.txt.[2] The term &amp;quot;origin&amp;quot; is defined using the domain name, application layer protocol, and (in most browsers) port number of the HTML document running the script. Two resources are considered to be of the same origin if and only if all these values are exactly the same. In some circumstances the same-origin policy is too restrictive, posing problems for large websites that use multiple subdomains. There are three techniques for relaxing it: document.domain property Cross-Origin Resource Sharing Cross-document messaging
  4. Cross origin resource sharing