HTML5 Top 10 Threats Stealth Attacks and Silent Exploits
来源:互联网 发布:淘宝标题优化技巧软件 编辑:程序博客网 时间:2024/06/05 09:34
HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and able to execute Rich Internet Applications in the context of modern browser architecture. Interestingly HTML5 can run on mobile devices as well and it makes even more complicated. HTML5 is not a single technology stack but combination of various components like XMLHttpRequest (XHR), Document Object model (DOM), Cross Origin Resource Sharing (CORS) and enhanced HTML/Browser rendering. It brings several new technologies to the browser which were not seen before like localstorage, webSQL, websocket, webworkers, enhanced XHR, DOM based XPATH to name a few. It has enhanced attack surface and point of exploitations for attacker and malicious agents. By leveraging these vectors one can craft stealth attacks and silent exploits, it is hard to detect and easy to compromise.
• ClickJacking & Phishing by mixing layers and iframe
• CSRF and leveraging CORS to bypass SOP
• Attacking WebSQL and client side SQL injection
• Stealing information from Storage and Global variables
• HTML 5 tag abuse and XSS
• HTML 5/DOM based XSS and redirects
• DOM injections and Hijacking with HTML 5
• Abusing thick client features
• Using WebSockets for stealth attacks
• Abusing WebWorker functionality
Above attack vectors and understanding will give more idea about HTML5 security concerns and required defense. It is imperative to focus on these new attack vectors and start addressing in today’s environment before attackers start leveraging these features to their advantage.
Download PDF: https://media.blackhat.com
• ClickJacking & Phishing by mixing layers and iframe
• CSRF and leveraging CORS to bypass SOP
• Attacking WebSQL and client side SQL injection
• Stealing information from Storage and Global variables
• HTML 5 tag abuse and XSS
• HTML 5/DOM based XSS and redirects
• DOM injections and Hijacking with HTML 5
• Abusing thick client features
• Using WebSockets for stealth attacks
• Abusing WebWorker functionality
Above attack vectors and understanding will give more idea about HTML5 security concerns and required defense. It is imperative to focus on these new attack vectors and start addressing in today’s environment before attackers start leveraging these features to their advantage.
Download PDF: https://media.blackhat.com
- HTML5 Top 10 Threats Stealth Attacks and Silent Exploits
- Cross Site Scripting Attacks: Xss Exploits and Defense
- Silent Transactions Attacks正确解法
- top 9 fraud attacks
- Chained Exploits: Advanced Hacking Attacks from Start to Finish
- Writing Security Tools and Exploits
- OS X Exploits and Defense
- web application exploits and defenses
- Improving Web Application Security: Threats and Countermeasures
- Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
- Security Analytics: Detecting Advanced Threats and Fraud
- Web Hacking: Attacks and Defense
- SQL Injection Attacks and Defense
- How to Protect Android From Malwares and Other Threats
- e-Commerce security: Attacks and preventive strategies
- Crimeware: Understanding New Attacks and Defenses
- XML Denial of Service Attacks and Defenses
- DOS Attacks and Free DOS Attacking Tools
- sqlmap gui
- 线程同步的方法
- The virtual functions table
- h1 h2使用方法
- JS与AS3.0的交互
- HTML5 Top 10 Threats Stealth Attacks and Silent Exploits
- BBC遭受来自伊朗的攻击
- ERP的安全设计:Oracle Fusion Applications的安全架构
- WinXp Apache虚拟主机开启Mod_rewrite
- Android开发中,使用线程应该注意的问题!
- delphi常用函数五
- expect_out
- cassandra的replication_factor
- 网赚赔钱原因