Pulling The Plug: Security Risks In The Next Generation Of Offline Web Applications presented at ShmooCon 2011

by Michael Sutton

Summary: Michael Sutton discussed “Security Risks in the Next Generation of Offline Web Applications.” The two main topics of interest were Google Gears and HTML5. Sutton said that Google did not intend to compete with HTML5; however, Google did develop Google Gears as a web application. In 2007, Google dropped “Google” from the name so that Gears might attract a wider audience.
Gears has three main components: a local web server, a full relational database, and a client-side database. Sutton continued with a detailed demonstration of a variety of real-world vulnerabilities that have been uncovered, including a new class of cross-site scripting and client-side SQL injection.