HTML 5 is the latest incarnation of the HTML standard. While HTML 5 brings with it a number of security issues that have served as fodder for widespread criticism, it also includes quite a few important security advances. Although rarely mentioned, HTML 5 has the capability to completely eliminate one of the most common classes of web application vulnerabilities: cross-site scripting (XSS). HTML 5 also includes helpful sandboxing modes and other safety features. This talk will press beyond the hype to examine some of the new features of HTML 5, explain how they work, and discuss the relevant security issues. The intent of the presentation is to familiarize the audience with the new, security-related aspects of HTML 5 and how they will change the security landscape, for better and for worse, in web applications.
Justin C. Klein Keane is a security engineer at the University of Pennsylvania and one of the chapter leaders of OWASP in Philadelphia. Justin has over a decade of web application development and penetration testing experience, combining the perspective of a builder with the inquisitive nature of a breaker. Justin holds a master's degree in information technology from the University of Pennsylvania and is credited with scores of vulnerability discoveries in web applications.