HTML5: Risky Business or Hidden Security Tool Chest?

Presented at AppSec USA 2013, Nov. 20, 2013, 1 p.m. (50 minutes)

Video of session: https://www.youtube.com/watch?v=fzjpUqMwnoI&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=15

The term "HTML5" encompasses a number of new subsystems that are currently being implemented in browsers. Most of these were created with a focus on functionality, not security. But the impact of these features is not all negative for security. Quite the opposite. New abilities to store data on the client, or access to hardware sensors like geolocation and tilt sensors, can enhance session tracking and make authentication more secure and easier to use. This talk will select a number of examples to demonstrate the positive, as well as sometimes negative, impact of these features for web application security. Code samples for any demonstrations will be made available.

Presenters:

  • Johannes Ullrich - Dean of Research and a faculty member - SANS Technology Institute
    Johannes Ullrich, dean of research at the SANS Technology Institute, is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. His research interests include IPv6, network traffic analysis and secure software development. In 2004, Network World named Johannes one of the 50 most powerful people in the networking industry, and SC Magazine named him one of the top five influential IT security thinkers for 2005. Prior to working for SANS, Johannes served as a lead support engineer for a web development company and as a research physicist.
