HTML5 isn't just for watching videos on your iPad. Its features may be the target of a security attack as much as they may be used to improve an attack. Vulnerabilities like XSS have been around since the web's beginning, but exploiting them has become increasingly sophisticated.
HTML5 features like WebSockets are part of the framework for controlling browsers compromised by XSS.
This presentation provides an overview of WebSockets: How they might increase the attack surface of a web site, their implications for privacy, and the potential security problems with protocols tunneled over them. Then it demonstrates how WebSockets can be used as an effective part of a hacking framework.
It closes with recommendations for deploying WebSockets securely, applying security principles to web app design, and providing a tool for exploring WebSockets security.
