- WebSocket Security Analysis
- A Security Analysis of Next Generation Web Standards
- The Emperor’s New APIs: On the (In)Secure Usage of New Client-side Primitives
- HTML5 Overview: A Look at HTML5 Attack Scenarios
- HTML5 Web Security
- HTML5 Top 10 Threats Stealth Attacks and Silent Exploits
- Attacking with HTML5
- Abusing HTML 5 Structured Client-side Storage
- HTML5 – взгляд через призму безопасности [Russian]
Blog posts on HTML5 Security [Back to Home]
- Compromising HTML5 WebSockets with an XSS vulnerability
- HTML5 WebSocket Security is Strong
- Kaazing WebSocket Gateway Security is Strong
- How a Platform Using HTML5 Can Affect the Security of Your Website
- Invisible arbitrary CSRF file upload in Flickr.com
- Minus.com silent arbitrary file upload
- Cross domain arbitrary file upload Redux
- How to upload arbitrary file contents cross-domain
- Filejacking: How to make a file server from your browser (with HTML5 of course)
- HTML5 WebSockets - security & new tool for attacking
- Squid-imposter: Phishing websites forever with HTML5 offline cache
- XSS track got ninja stealth skills thanks to HTML5
- XSS-Track now steals your uploaded files with HTML5 power!
- CSRF with JSON – leveraging XHR and CORS
- Blind WebSQL and Storage extraction for HTML5 Apps
- Top 10 HTML5 Threats & Attack Vectors
- Hacking Facebook with HTML5
- Cracking hashes in the JavaScript cloud with Ravan
- Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers
- Port Scanning with HTML5 and JS-Recon
- Shell of the Future – Reverse Web Shell Handler for XSS Exploitation
- Chrome and Safari users open to stealth HTML5 AppCache attack
- HTML5 Security Articles and Live Demos
Slides from presentations made on HTML5 Security [Back to Home]
- HTML5 - The Good, the Bad, the Ugly
- HTML5: something wicked this way comes - HackPra
- HTML5 Web Security
- Web security in the frontend
- Abusing HTML5
- HTML5 Advanced Computer Networks SS 2011
- Pwning Intranets with HTML5
- Can you trust your workers? Examining the security of Web Workers
Videos of past talks on HTML5 Security [Back to Home]
- HTML5: something wicked this way comes
- Pwning intranets with HTML5
- Next Generation Web Attacks - HTML 5, DOM (L3) and XHR (L2)
- Attacking with HTML5
- HTML5 - The Good, the Bad, the Ugly [German]
Other resources on HTML5 Security [Back to Home]
- Discussion on HTML5 Security at OWASP Summit 2011
- HTML5 Security Cheatsheet Wiki
- HTML5 WebSQL and COR Security Demos
Upcoming talks on HTML5 Security [Back to Home]
- HTML5 - A Whole New Attack Vector