HTML5: Risky Business or Hidden Security Tool Chest?
Johannes Ullrich at AppSec USA 2013
The term "HTML5" encompasses a number of new subsystems that are currently being implemented in browsers. Most of these were created with a focus on functionality, not security. But the impact of these features is not all negative for security. Quite the oposit. New abilities to store data on the client, or having access to hardware sensors like geolocation and tilt sensors have the ability to enhance session tracking and make authentication more secure and easier to use. This talk will select a number of examples to demonstrate the positive, as well as sometimes negative, impact of these features for web application security. Code samples for any demonstrations will be made available.
Speaker
Johannes Ullrich
-1999 Research Physicist 1999-2000 Web Developer Banta Integrated Media 2001-current SANS Institute
Speaker
Johannes Ullrich
-1999 Research Physicist 1999-2000 Web Developer Banta Integrated Media 2001-current SANS Institute