HTML5: A Beautiful Disaster
HTML5 enables web developers to create rich user experiences with application features like cross-origin communication, local storage, sandboxed iframe, and web sockets. However, the features that make HTML5 powerful can also leave your applications ripe for exploitation. Join us as we scrutinize the top five threats to HTML5. We’ll demonstrate specific features that not only introduce new attack vectors, but also undo critical protection mechanisms in legacy web applications. You’ll hear how attackers can use HTML5 features to bypass clickjacking protections, render anti-CSRF protections useless, and open new avenues for data thieves. You’ll also learn ways to protect your applications. The session will include demonstrations and real-world examples highlighting incorrect usage of HTML5 features, tips for secure HTML5 development, and ways to fortify legacy applications impacted by HTML5-related browser enhancements.