"Hacking HTML5" training

If you'd like to know a little more about HTML5 & security, in January I will be giving a one-day training with Niebezpiecznik.pl entitled "Hacking HTML5".

Topics covered:

• New XSS vectors in HTML5
• Cross Origin Resource Sharing
• Cross Document Messaging
• XMLHttpRequest Level 2
• Offline cache & other client-side storages
• Web SQL
• Web sockets
• Clickjacking with HTML5
• Geolocation

... and others. Several vulnerabilities and attacks will be taught together with instructions on how to implement above features securely. Many existing HTML5-related tools (e.g. by Lavakumark Kuppan of andlabs.org or some of mine) will be presented. Special attention will be put to HTML5 features that may break existing legacy HTML4/XHTML applications.

We will be attacking and defending a prepared social networking application.

The training is targetted to:

• webdevelopers
• pentesters
• and all other hackers

If you're interested and able to come to Cracow this January, read more about the program & register. Contact me and maybe we can arrange some discounts for the training ;)