Tuesday, December 28, 2010

"Hacking HTML5" training

If you'd like to know a little more about HTML5 & security, in January I will be giving a one-day training with Niebezpiecznik.pl entitled "Hacking HTML5".

Topics covered:
  • New XSS vectors in HTML5
  • Cross Origin Resource Sharing
  • Cross Document Messaging
  • XMLHttpRequest Level 2
  • Offline cache & other client-side storages
  • Web SQL
  • Web sockets
  • Clickjacking with HTML5
  • Geolocation
... and others. Several vulnerabilities and attacks will be taught together with instructions on how to implement above features securely. Many existing HTML5-related tools (e.g. by Lavakumark Kuppan of andlabs.org or some of mine) will be presented. Special attention will be put to HTML5 features that may break existing legacy HTML4/XHTML applications.

We will be attacking and defending a prepared social networking application.

The training is targetted to:
  • webdevelopers
  • pentesters
  • and all other hackers
If you're interested and able to come to Cracow this January, read more about the program & register. Contact me and maybe we can arrange some discounts for the training ;)

No comments: