Wednesday, March 23, 2011

HTML 5, XHR (L2) and DOM (L3) - Top 10 Attacks

Current stack and technology surface

Top 10 Attack Vectors

1. XSS abuse with tags and attributes
2. DOM-based XSS and Redirects
3. Stealing from the storage
4. Injecting and Exploiting WebSQL
5. Abusing network API and Sockets
6. CSRF across streams – JSON, AMF and XML
7. Sandbox attacks and ClickJacking
8. Abusing new features like drag-and-drop
9. Botnet/Spynet gets persistent life using WebWorkers
10. Threats to widgets and mashups