HTML5, noul standard web care va face mai usoara dezvoltarea de site-uri si aplicatii web pentru industria de hosting si nu numai, este de asemenea vulnerabil la atacuri stealth si la exploit-uri silentioase, a spus un cercetator la conferinta de securitate Black Hat.
HTML5 se confrunta cu o serie de amenintari, inclusiv cross-site scripting si deturnarea de resurse, a spus joi la conferinta de securitate Black Hat din Las Vegas, Shreeraj Shah, fondatorul companiei furnizoare de aplicatii de securitate, Blueinfy.
Topul primelor 10 amenintari la adresa HTML5 arata cam asa:
1. CSRF with XHR and CORS bypass
2. Jacking – click, CORS, tabs
3. HTML5-driven cross-site scripting using tags, events and attributes
4. Attacking storage and DOM variables
5. Exploiting Browser SQL points
6. Injection with Web Messaging and Workers
7. DOM-based cross site scripting and issues
8. Offline attacks and cross-widget vectors
9. Web socket issues
10. API and protocol attacks
Sursa: securityweek.com