Emerging as popular standard to create Rich Internet Applications
and competing with technology stacks like Adobe’s Flex/Flash and Microsoft’s
Silverlight is HTML5[1]. HTML5 brings
several new features and functionalities that allow developers to create
really attractive and robust applications.
These applications can run on any browser and platform, although with
some limitations. HTML5 applications are also supported by mobile devices. Hence,
you can create your application once and run it on several devices and
browsers. Each time, every new technology stack throws up new security
challenges and vulnerabilities. HTML 5, though very promising, is no
different. There are security concerns that need to be addressed when creating
applications. Let us look at the top 10 possible attack vectors associated
with HTML5 and modern browser architecture.
Read full article here (net-security.org)
Top 10 Attack Vectors
Read full article here (net-security.org)
Top 10 Attack Vectors
1. ClickJacking
& Phishing by mixing layers and iframe
2. CSRF
and leveraging CORS to bypass SOP
3. Attacking
WebSQL and client side SQL injection
4. Stealing
information from Storage and Global variables
5. HTML
5 tag abuse and XSS
6. HTML
5/DOM based XSS and redirects
7. DOM
injections and Hijacking with HTML 5
8. Abusing
thick client features
9. Using
WebSockets for stealth attacks
10.Abusing
WebWorker functionality
Browser Attack Surface and Layers
1 comment:
Nice post, but it seems less, but very interesting to read and understand, hope post more blogs with more information Thank you...........visit our Erptree site for More Information about Fusion Cloud Financials Training Institute.
Post a Comment