HTML5 is redefining the ground rules for future Web Applications by providing a rich set of new features and by extending existng features and APIs. HTML5 Security is still an unexplored region because HTML5 features are not yet adopted by web applications (apart from experimental support) and it is assumed that until that happens the end users have nothing to worry about.
This paper would prove this assumption wrong by discussing a range of attacks that can be carried out on web users ‘right now’ even on websites that do not support or intend to support HTML5 in the near future. Browser vendors have been trying to outdo each other in supporting the latest features defined in the HTML5 spec. This has exposed the users of these browsers to the attacks that would be discussed in this paper.
The initial sections of this paper cover attacks and research that have been published by me and other researchers earlier thisyear. The latter sections covers attacks that are completely new and exclusive.
Download : Attacking with HTML5.pdf
No comments:
Post a Comment