July 2012 - HTML5 Security: A Beautiful Disaster

ABSTRACT::

HTML5 is a technological amphibian that can live in a traditional desktop browser environment as well as a mobile ecosystem. Moreover, its support for cross-origin communication, local storage, local file system access and advanced multimedia capabilities makes it very attractive for developers based on sheer functionality alone. However, to quote Voltaire, "with great power comes great responsibility." These very features also facilitate bypassing trusted browser security provisions such as the same-origin policy. In this talk, we scrutinize HTML5 features, specifically Cross-Origin Resource Sharing , Local Storage and Offline and Access and describe how to avoid common implementation pitfalls.

WHO:: Nidhi Shah, Principal Researcher, HP Security.

SPEAKER BIO:

Nidhi is a Principal Researcher in the Software Security Research division at HP Enterprise Security. She rejoined HP in January, 2012 after spending over 3 years at Barracuda Networks. Originally​, she came to HP in 2007 as part of the SPI Dynamics, Inc. acquisitio​n. Nidhi brings her expertise in web based malware detection research and focuses on innovative techniques for automated web vulnerabil​ity detection.

GOTOMEETING INFO:

1. Please join my meeting.

https://www3.gotomeeting.com/join/524542838

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

United States (toll-free): 1 877 568 4106

United States: +1 (224) 649-0001

Access Code: 524-542-838

Audio PIN: Shown after joining the meeting

Meeting ID: 524-542-838

GoToMeeting®

Online Meetings Made Easy™