HTML5 - A Whole New Attack Vector

Explore the security implications of HTML5 in this 41-minute conference talk from BruCON Security Conference. Delve into HTML5's new features from an attacker's perspective, examining potential vulnerabilities and attack vectors. Learn about semantic web, editable content, form validation, local storage, and video support, while understanding how these advancements can be exploited. Discover how attackers can leverage HTML5 to cause havoc on machines and even build browser-based botnets. Through demonstrations and examples, gain insights into canvas manipulation, geolocation risks, drag-and-drop vulnerabilities, and web notification exploits. Examine cross-site scripting techniques, XML HTTP request vulnerabilities, and network scanning possibilities. Explore defense strategies and participate in attack and defense labs to better understand and mitigate these new security challenges.

Intro
Canvas
Canvas Demo
Quake Demo
Video Audio
Geolocation
Drag and Drop
Web Notifications
The Hacker
Recon
Crosssite scripting
Examples
Attack and Defense Labs
XML HTTP Requests
Scanning the Network
The Next Day
GeoLocate
Autocomplete
Social Engineering
Directory
File Server
Pippy
DOS
Spam
Beef
Network
Pretty Test
Summary