SH5ARK ATTACK- taking a byte out of HTML5!

Presented at DerbyCon 2.0 Reunion (2012), Sept. 29, 2012, 6 p.m. (50 minutes)

The W3C is in the process, still, of completing the HTML5 specification, which provides a whole new set of features for developers to create client-side web applications for a richer experience for users. However, these features have also introduced a new set of threats and vulnerabilities that could increase the opportunity for attacks performed against browsers that support HTML5, of which most already do. Since HTML5 adds all events to all tags, this provides an opportunity for bypassing filters and Web Application Firewalls (WAFs), which allows a remote attacker to perform a client-side attack and control most of what the browser is capable of doing.

In this talk, Tony and Jason will discuss how HTML5 is opening a new world of opportunities for client-side attacks. As part of a DARPA CFT project, the Secure Ideas team built a repository called Securing HTML5 Assessment Resource Kit (SH5ARK). An overview of the SH5ARK repository will be presented, which includes code samples of vulnerable HTML5 features, attack proof of concepts, as well as filtering rules that can be utilized to help prevent attacks. The SH5ARK repository will be released shortly after DerbyCon.

Presenters:

• Jason Wood
  Jason Wood is a Senior Security Analyst with SecureIdeas, bringing over 12 years of systems administration and security experience with the Windows and UNIX/Linux operating systems. He has spent most of his career in web based companies in security, application and infrastructure roles. His experience includes vulnerability assessments, systems hardening and monitoring. He has taught classes on vulnerability management, event monitoring, and configuration auditing. He also has been a mentor for SANS Security 504 – Hacker Techniques, Exploits and Incident Handling. He currently has the GCIH certification. Jason is the author of Reconnoiter, a reconnaissance project for penetration testing.
• Tony DeLaGrange
  Tony is a Senior Security Analyst with Secure Ideas, bringing over twenty-five years of information technology experience in the healthcare and financial services industries. For over the past decade, Tony has focused on information security within a leading Fortune 50 financial institution, providing the design of security reference architecture, development of information security policies, standards, and baselines, as well as the assessment and testing of emerging technologies. While at Secure Ideas, Tony has had the opportunity to lead two DARPA CFT projects, help develop the SANS 571 Mobile Device Security courseware, and is the project lead for the open source MobiSec mobile testing live environment. Tony has presented on multiple SANS webcasts and at industry events such as AppSec, Good’s Mobile summit, ShmooCon, and was a co-chair of the SANS Mobile Device Security summit.

Similar Presentations:

• DEF CON 19 (2011) / Abusing HTML5
• Black Hat USA 2012 / HTML5 Top 10 Threats - Stealth Attacks and Silent Exploits
• DeepSec 2013 „Secrets, Failures, and Visions“ / Relax Everybody: HTML5 Is Securer Than You Think