This article is an extract of the master thesis written by Michael Schmidt. The security relevant aspects of HTML5 that were considered in this thesis are covered in the subsequent document.It needs to be considered that the content of this document was released in May 2011. Compass Security makes regular updates to its HTML5 security know how and provides additional information
HTML5 Web Security describes issues, vulnerabilities, threat & attack scenarios and countermeasures across 80 pages including numerous well thought-out diagrams, and is backed up with detailed references and an appendix full of attack details.
The main sections are:
2.2 Cross-origin resource sharing
2.3 Web storage
2.4 Offline web application
2.5 Web messaging
2.6 Custom scheme and content handlers
2.7 Web sockets API
2.8 Geolocation API
2.9 Implicit relevant features of HTML5
Web workers, new elements, attributes and CSS, Iframe sandboxing and server-sent events
If you are already developing HTML, or planning to, read this document as soon as possible and update your requirements documents, specifications, design documents, coding standards, and test plans to incorporate the knowledge.
Download PDF: http://media.hacking-lab.com