孙松柏,
On Sun, Mar 18, 2012 at 10:58 AM, 孙松柏 <[email protected]> wrote:
> I recently read about HTML5 security. These may be the top 10 HTML5
> security concerns:
>
> 1. ClickJacking & Phishing by mixing layers and iframe
> 2. CSRF and leveraging CORS to bypass SOP (demo)
> 3. Attacking WebSQL and client side SQL injection
> 4. Stealing information from Storage and Global variables
> 5. HTML5 tag abuse and XSS
> 6. HTML5 and DOM based XSS and redirects
> 7. DOM injections and Hijacking with HTML 5
> 8. Abusing thick client features
> 9. Using WebSockets for stealth attacks
> 10. Abusing WebWorker functionality
w3af does not implement any HTML5 checks at this moment. Most of
the items in this Top10 are not vulnerabilities that can be detected
in applications but techniques/tricks used for exploiting a browser
that is navigating an HTML5 page. Examples of those are 9, 10, 8, 4,
1.
With that said, I think we should add some capability for
detecting something on this list... we'll see... If you have ideas on
how to automate the detection of any of the items above, please let me
know.
Regards,
> This is what I am asking for!
> On Sun, Mar 18, 2012 at 9:53 PM, Andres Riancho <[email protected]>
> wrote:
>>
>> 孙松柏,
>>
>> On Sun, Mar 18, 2012 at 4:26 AM, 孙松柏 <[email protected]> wrote:
>> > Hi everyone,
>> >
>> > I recently noticed that HTML5 has a lot of new features and brings a lot
>> > of vulnerabilities!
>>
>> Could you please name the HTML5 vulnerability you want w3af to identify?
>>
>> > My question is: is there a module, or some modules, with which w3af can
>> > detect that?
>> > --
>> > FIT1-213
>> > Department of Computer Science
>> > Tsinghua University, Beijing, 100084
>> > http://about.me/anakin/bio
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > This SF email is sponsosred by:
>> > Try Windows Azure free for 90 days Click Here
>> > http://p.sf.net/sfu/sfd2d-msazure
>> > _______________________________________________
>> > W3af-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >
>>
>>
>>
>> --
>> Andrés Riancho
>> Director of Web Security at Rapid7 LLC
>> Founder at Bonsai Information Security
>> Project Leader at w3af
>
>
>
>
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
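
An added example, not part of the thread and not w3af code: one way the server-side half of item 2 (CORS) could be checked passively from response headers. It assumes the scanner sent an `Origin` header with a value the application has no reason to trust; the function name, finding labels, probe origin and sample responses are all constructed for illustration.

```python
PROBE_ORIGIN = "https://scanner-probe.invalid"  # assumed untrusted origin sent by the scanner


def check_cors(response_headers, probe_origin=PROBE_ORIGIN):
    """Return findings for the CORS headers of one response to a probe request."""
    # Header names are case-insensitive; normalise before lookup.
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return []  # no CORS headers: the same-origin policy applies unchanged
    with_creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao == "*":
        findings.append("wildcard-origin")
        if with_creds:
            # Browsers refuse this pair, but it signals a policy written without care.
            findings.append("wildcard-with-credentials")
    elif acao == "null":
        # Sandboxed iframes and local files send "Origin: null" and would match.
        findings.append("null-origin-allowed")
    elif acao == probe_origin:
        # The server echoed an origin it has no reason to trust.
        findings.append("reflected-origin-with-credentials" if with_creds
                        else "reflected-origin")
    return findings


# Constructed sample responses (not captured from any real application).
SAMPLES = {
    "/api/public": {"Access-Control-Allow-Origin": "*"},
    "/api/account": {"access-control-allow-origin": PROBE_ORIGIN,
                     "Access-Control-Allow-Credentials": "true"},
    "/api/partner": {"Access-Control-Allow-Origin": "https://partner.example"},
    "/index.html": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for path, hdrs in SAMPLES.items():
        print(path, check_cors(hdrs) or "ok")
```

A fixed allow-list entry such as the `/api/partner` sample produces no finding, because the header alone cannot show whether that origin is trusted by design.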