HTML5 Top 10 Threats: Stealth Attacks and Silent Exploits presented at Blackhat Europe 2012

by Shreeraj Shah,

Tags: Security

Summary : "HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and able to execute Rich Internet Applications in the context of modern browser architecture. Interestingly HTML5 can run on mobile devices as well and it makes even more complicated. HTML5 is not a single technology stack but combination of various components like XMLHttpRequest (XHR), Document Object model (DOM), Cross Origin Resource Sharing (CORS) and enhanced HTML/Browser rendering. It brings several new technologies to the browser which were not seen before like localstorage, webSQL, websocket, webworkers, enhanced XHR, DOM based XPATH to name a few. It has enhanced attack surface and point of exploitations for attacker and malicious agents. By leveraging these vectors one can craft stealth attacks and silent exploits, it is hard to detect and easy to compromise.
In this paper and talk we are going to walk through these new architectures, attack surface and possible threats. Here are the top 10 threats which we are going to cover in detail with real life examples and demos.
ClickJacking & Phishing by mixing layers and iframe
CSRF and leveraging CORS to bypass SOP
Attacking WebSQL and client side SQL injection
Stealing information from Storage and Global variables
HTML 5 tag abuse and XSS
HTML 5/DOM based XSS and redirects
DOM injections and Hijacking with HTML 5
Abusing thick client features
Using WebSockets for stealth attacks
Abusing WebWorker functionality
Above attack vectors and understanding will give more idea about HTML5 security concerns and required defense. It is imperative to focus on these new attack vectors and start addressing in today's environment before attackers start leveraging these features to their advantage. We are going to see new tricks for HTML5 vulnerabilities scanning and tools."