Re: [W3af-users] does w3af can scan the new vulnerabitiy HTML5

Sun, 18 Mar 2012 06:59:29 -0700 

I recently read some html5 security recently . this may be  the top10 html5
security concerned

1.ClickJacking& Phishing by mixing layers and iframe
2.CSRF and leveraging CORS to bypasses SOP (demo)
3.Attacking WebSQL and client side SQL injection
4.Stealing information from Storage and Global variables
5.HTML5 tag abuse and XSS
6.HTML5 and DOM based XSS and redirects
7.DOM injections and Hijacking with HTML 5
8.Abusing thick client features
9.Using WebSockets for stealth attacks
10.Abusing WebWorker functionality
this is what I am asking for !
On Sun, Mar 18, 2012 at 9:53 PM, Andres Riancho <[email protected]>wrote:

> 孙松柏,
>
> On Sun, Mar 18, 2012 at 4:26 AM, 孙松柏 <[email protected]> wrote:
> > hi everyone
> >
> > I recently notice that HTML5 has a lot of new features and bring a lot of
> > vulnerability!
>
> Could you please name the HTML5 vulnerability you want w3af to identify?
>
> > My question is : is there a module or some modules that w3af can detect
> that
> > ?
> > --
> > FIT1-213
> > Department of Computer Science
> > Tsinghua University, Beijing, 100084
> > http://about.me/anakin/bio
> >
> >
> ------------------------------------------------------------------------------
> > This SF email is sponsosred by:
> > Try Windows Azure free for 90 days Click Here
> > http://p.sf.net/sfu/sfd2d-msazure
> > _______________________________________________
> > W3af-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
>
>
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>



-- 
FIT1-213
Department of Computer Science
Tsinghua University, Beijing, 100084
http://about.me/anakin/bio

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to