The W3C is in the process, still, of completing the HTML5 specification, which provides a whole new set of features for developers to create client-side web applications for a richer experience for users. However, these features have also introduced a new set of threats and vulnerabilities that could increase the opportunity for attacks performed against browsers that support HTML5, of which most already do. Since HTML5 adds all events to all tags, this provides an opportunity for bypassing filters and Web Application Firewalls (WAFs), which allows a remote attacker to perform a client-side attack and control most of what the browser is capable of doing.
In this talk, Tony and Jason will discuss how HTML5 is opening a new world of opportunities for client-side attacks. As part of a DARPA CFT project, the Secure Ideas team built a repository called Securing HTML5 Assessment Resource Kit (SH5ARK). An overview of the SH5ARK repository will be presented, which includes code samples of vulnerable HTML5 features, attack proof of concepts, as well as filtering rules that can be utilized to help prevent attacks. The SH5ARK repository will be released shortly after DerbyCon.