Happy Hacking HTML5! Group members: Dongyang Zhang Wei Liu Weizhou He Yutong Wei Yuxin Zhu.

1. Introduction to HTML HTML is the standard markup language used to create web pages. HTML is written as HTML elements, consisting of tags enclosed in angle brackets. HTML elements form the building blocks of all websites. HTML allows images and objects to be embedded and can be used to create interactive forms.

2. Something about HTML5 HTML5 adds many new syntactic features. These include the new <video>, <audio> and <canvas> elements, as well as the integration of scalable vector graphics (SVG) content (replacing the generic <object> tag), and MathML for mathematical formulas. We can check whether the source code starts with the HTML5 doctype, <!DOCTYPE html>, to distinguish HTML5 from HTML4, whose doctypes reference a DTD.

3. HTML5 common attack methods (1) CORS attacks Cross-origin resource sharing (CORS) defines how the browser and the server negotiate whether a cross-origin request is allowed: the browser attaches an Origin header to the request and the server answers with Access-Control-Allow-Origin (plus Access-Control-Allow-Credentials for requests that carry cookies). The browser sets Origin itself and a page's script cannot change it, but any non-browser client can send an arbitrary Origin, so the header is not authentication. The server's policy is the weak point: reflecting any Origin back with credentials allowed, trusting the "null" origin, or matching origins with a substring or loose regex lets an attacker's page read authenticated responses. A third-party origin that is legitimately on the allowlist can also be compromised and then used in the same way.
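As an added example (not from the original slides), here is a model of the server-side CORS decision in three versions: the reflecting pattern, a substring allowlist, and an exact-match allowlist. The origins, the allowlist and the browserWouldExpose helper are assumptions made for the example; the helper encodes the browser rule that a credentialed response is exposed only when Access-Control-Allow-Origin matches the page's origin exactly and Access-Control-Allow-Credentials is "true".

```javascript
// Added example: server-side CORS policy, vulnerable and hardened.
// All origins below are constructed for the example.

// Vulnerable pattern 1: reflect whatever Origin arrived and allow credentials.
// Every site (and every non-browser client) gets a credentialed cross-origin read.
function corsHeadersReflecting(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Vulnerable pattern 2: substring match. 'https://app.example.com.evil.net'
// and 'https://evilapp.example.com' both "contain" the trusted host name.
function corsHeadersSubstringBug(requestOrigin) {
  if (requestOrigin && requestOrigin.includes('app.example.com')) {
    return {
      'Access-Control-Allow-Origin': requestOrigin,
      'Access-Control-Allow-Credentials': 'true',
    };
  }
  return {};
}

// Hardened pattern: exact-match allowlist, "null" never trusted, and
// Vary: Origin so a shared cache never serves one origin's answer to another.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',   // assumed trusted front-end
  'https://admin.example.com', // assumed trusted admin UI
]);

function corsHeadersAllowlist(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (!requestOrigin || requestOrigin === 'null') return {};
  if (!allowed.has(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Browser-side rule for a credentialed fetch from a page at `pageOrigin`:
// the body is exposed only on an exact origin match with credentials allowed
// ('*' is rejected when credentials are included).
function browserWouldExpose(pageOrigin, headers) {
  return headers['Access-Control-Allow-Origin'] === pageOrigin &&
         headers['Access-Control-Allow-Credentials'] === 'true';
}

// Walk-through with a constructed attacker origin.
function demo() {
  const attacker = 'https://app.example.com.evil.net';
  return {
    reflecting: browserWouldExpose(attacker, corsHeadersReflecting(attacker)),
    substring:  browserWouldExpose(attacker, corsHeadersSubstringBug(attacker)),
    allowlist:  browserWouldExpose(attacker, corsHeadersAllowlist(attacker)),
  };
}
```

The point to check in a review is the branch that decides the allowlist, not the header names: if the attacker's origin reaches the reflecting or substring branch with credentials enabled, every authenticated API response is readable from the attacker's page.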

(2) Web Storage attacks The Web Storage API (localStorage and sessionStorage) is exposed to JavaScript with no HttpOnly-style protection, so any script running in the origin can read it. Through an XSS bug an attacker therefore steals everything stored there, for example the user's token and profile information, and does not need to guess key names because the API lets the script enumerate every key; secrets kept in global variables can be scanned the same way. If the web app has an XSS bug, it is very easy to leak the whole client-side store.
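As an added example (not from the original slides), the following code shows what an injected script does with Web Storage, enumerating every entry, and the triage an auditor applies to the dump: flagging keys whose names suggest credentials and values shaped like JWTs. The in-memory storage object and its contents are constructed stand-ins for window.localStorage so the code runs outside a browser; in a page the real localStorage object can be passed instead.

```javascript
// Added example: enumerate Web Storage and flag entries that look like secrets.
// The storage below is a constructed stand-in for window.localStorage.

function makeStorage(entries) {
  const keys = Object.keys(entries);
  return {
    get length() { return keys.length; },
    key: (i) => keys[i] ?? null,
    getItem: (k) => (k in entries ? entries[k] : null),
  };
}

// Everything in storage is readable by any script in the origin; this is
// exactly what an XSS payload runs before exfiltrating the result.
function dumpStorage(storage) {
  const out = {};
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    out[k] = storage.getItem(k);
  }
  return out;
}

// Triage heuristics: auth-sounding key names, or a value with three
// base64url segments whose first segment decodes to a JSON header with "alg".
const SENSITIVE_KEY = /(token|session|auth|secret|password|jwt|api[_-]?key)/i;
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

function base64urlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return atob(padded); // throws on malformed input; callers catch it
}

function looksLikeJwt(value) {
  if (typeof value !== 'string' || !JWT_SHAPE.test(value)) return false;
  try {
    const header = JSON.parse(base64urlDecode(value.split('.')[0]));
    return header !== null && typeof header === 'object' && 'alg' in header;
  } catch {
    return false;
  }
}

// Returns the sorted list of storage keys that hold likely credentials.
function findSecrets(storage) {
  return Object.entries(dumpStorage(storage))
    .filter(([k, v]) => SENSITIVE_KEY.test(k) || looksLikeJwt(v))
    .map(([k]) => k)
    .sort();
}

// Constructed sample contents; the JWT-looking value is an unsigned dummy.
const SAMPLE_STORAGE = makeStorage({
  theme: 'dark',
  access_token: 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.sig',
  blob: 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJib2IifQ.sig',
  cart: '[1,2,3]',
  'user.email': 'alice@example.com',
});
```

The hardening consequence is that session material belongs in an HttpOnly cookie (which script cannot read) rather than in Web Storage; anything that findSecrets flags in a real app is a finding for the report.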

(3) Web Worker attacks Botnet: a worker keeps CPU- and network-heavy code running in the background without blocking the page, so a malicious or compromised page can use visitors' browsers for DDoS request floods, spam sending and network scanning for as long as the tab stays open. postMessage problems: a worker cannot access the DOM and can only communicate with its host page through the postMessage API. Window-to-window postMessage works the same way between frames and opened windows, and there the sender can be any origin: if the receiving page accepts messages from any source (it never checks event.origin), an attacker's window can drive it. Moreover, postMessage never passes through the server, so server-side validation does not see the data; if the handler writes the message into the DOM without checks, it becomes an XSS injection point.
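As an added example (not from the original slides), here is a window "message" handler written the vulnerable way and the hardened way, plus the sender side. The event objects, the trusted origin and the fake DOM element are constructed stand-ins so the code runs outside a browser; in a page the handler would be registered with window.addEventListener('message', ...) and receive a real MessageEvent. For a dedicated Web Worker the origin check does not apply (messages come from the script that created it), but the rule about treating message data as data, never markup, is the same.

```javascript
// Added example: postMessage receiver, vulnerable and hardened.
// Stand-in for a DOM node so the handlers can run outside a browser.
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable: no origin check, and the payload lands in innerHTML. Any window
// holding a reference to this one (opener, parent, an embedded iframe) can
// inject markup; the server never sees the message, so it cannot filter it.
function vulnerableHandler(event, target) {
  target.innerHTML = event.data;
  return true;
}

// Hardened: exact-origin allowlist, a schema check on the payload, and the
// string rendered as text so any markup in it is inert.
const TRUSTED_ORIGINS = new Set(['https://widgets.example.com']); // assumed

function hardenedHandler(event, target, trusted = TRUSTED_ORIGINS) {
  if (!trusted.has(event.origin)) return false;   // silently drop
  let msg;
  try { msg = JSON.parse(event.data); } catch { return false; }
  if (msg === null || typeof msg !== 'object') return false;
  if (msg.type !== 'status' || typeof msg.text !== 'string') return false;
  target.textContent = msg.text;                   // text, not markup
  return true;
}

// Sender side: name the target origin instead of '*', so the browser drops
// the message if the target frame has meanwhile navigated to another site.
const RECEIVER_ORIGIN = 'https://app.example.com'; // assumed

function sendStatus(targetWindow, text) {
  targetWindow.postMessage(JSON.stringify({ type: 'status', text }), RECEIVER_ORIGIN);
}

// Constructed sample events.
const HOSTILE_EVENT = {
  origin: 'https://evil.net',
  data: '<img src=x onerror="alert(1)">',
};
const TRUSTED_EVENT = {
  origin: 'https://widgets.example.com',
  data: JSON.stringify({ type: 'status', text: '<b>ok</b>' }),
};
```

The two checks that matter in review are the event.origin comparison (exact match against an allowlist, not a startsWith or includes) and the sink: textContent or a sanitizer, never innerHTML or eval on message data.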

(4) Web SQL attacks SQL injection: Web SQL gives the page a local SQLite-style database queried through executeSql. As with a server-side database, building the SQL text by concatenating user input creates an injection point; executeSql takes a parameter array precisely so that values never become part of the statement. Web SQL was never standardized and has been removed from current browsers, but the same mistake applies to any client-side SQL store.
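As an added example (not from the original slides), here is the same user lookup against a Web SQL transaction written with string concatenation and with a bound parameter, plus a helper that renders a parameterized statement for logging. The transaction object is a constructed stand-in that records each executeSql call so the code runs without a browser; the users table and the payload are assumptions for the example.

```javascript
// Added example: Web SQL query built unsafely and safely.
// Stand-in for a SQLTransaction that records executeSql(sql, params) calls.
function fakeTransaction() {
  const calls = [];
  return {
    calls,
    executeSql(sql, params) { calls.push({ sql, params }); },
  };
}

// Vulnerable: attacker-controlled input becomes part of the SQL text, so a
// quote in the input ends the literal and the rest is parsed as SQL.
function findUserUnsafe(tx, username) {
  tx.executeSql("SELECT * FROM users WHERE name = '" + username + "'");
}

// Hardened: the SQL text is a constant; the value travels as a bound
// parameter and cannot change the statement's structure.
function findUserSafe(tx, username) {
  tx.executeSql('SELECT * FROM users WHERE name = ?', [username]);
}

// For logs only: show the effective statement by substituting parameters as
// properly quoted SQL string literals (single quotes doubled). This is not how
// the database binds values, and it is not a substitute for binding.
function renderForLog(sql, params) {
  let i = 0;
  return sql.replace(/\?/g, () => {
    const v = params[i++];
    if (v === null || v === undefined) return 'NULL';
    if (typeof v === 'number') return String(v);
    return "'" + String(v).replace(/'/g, "''") + "'";
  });
}

// Review heuristic: a recorded call with no parameter array whose SQL text
// still contains the raw user input was built by concatenation.
function statementWasConcatenated(call, userInput) {
  return call.params === undefined && call.sql.includes(userInput);
}

// Constructed payload: closes the literal and appends an always-true clause.
const PAYLOAD = "' OR '1'='1";

function demo() {
  const tx = fakeTransaction();
  findUserUnsafe(tx, PAYLOAD);
  findUserSafe(tx, PAYLOAD);
  return tx.calls;
}
```

Run demo() and compare the two recorded statements: the first returns every row because the WHERE clause has become `name = '' OR '1'='1'`, while the second still asks for a user literally named `' OR '1'='1`.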

(5) Clickjacking attacks Clickjacking: the attacker's page looks harmless but loads the target site in an invisible or disguised iframe positioned so that the user's clicks land on the target's buttons, tricking the user into performing actions or revealing private information on the target site without realizing it. The defence is to refuse framing, with the X-Frame-Options response header or the Content-Security-Policy frame-ancestors directive. Cookiejacking: a drag-and-drop variant in which the user, while dragging with the mouse, is tricked into moving content from one area of the page (where the user's cookies or other data are rendered) into another area the attacker controls, so the information is sent to the attacker.

4. What we are going to do Gain a better understanding of the common vulnerabilities and bugs in a website's back-end code. Assess a website's security level against these vulnerabilities (for example Twiki :p). Suggest ways to improve the website's security. Finally, deliver a security report.

THANK YOU!