Thursday, February 20, 2014

LocalStorage Exploit Via Cross Site Scripting


XSS is ranked number 3 (A3) in the OWASP 2013 Top 10.

XSS is the injection of malicious script into a web page, causing it to behave in a way the developer never intended. An XSS attack is possible against any site that takes input from a user and reflects it into the output it generates without validating or encoding it first. By injecting a simple script like <script>alert(1)</script> into the search box on the Altoro site, the application responds with:-
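To make the reflection concrete, here is an added example (my own illustration, not code from the original post or from the Altoro site): a search results page rendered the vulnerable way and the encoded way, plus the kind of thing an injected script does once it runs in the page's origin, namely read everything in localStorage. The function names, the constructed localStorage stand-in and its contents are assumptions made for this illustration; the exfiltration step is only returned, not sent anywhere.

```javascript
// Added example (not from the original post): reflected XSS in a search page,
// shown unencoded and encoded, and what the injected script can reach.
// Names (escapeHtml, renderSearchUnsafe, renderSearchSafe, fakeStorage) are
// assumptions made for this illustration.

// Minimal HTML entity encoding for text placed inside an element body.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the user's query is concatenated straight into the page.
function renderSearchUnsafe(query) {
  return '<h1>Results for: ' + query + '</h1>';
}

// Hardened: the same output with the query entity-encoded first.
function renderSearchSafe(query) {
  return '<h1>Results for: ' + escapeHtml(query) + '</h1>';
}

// Does the rendered HTML contain a live script element?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed stand-in for window.localStorage so this runs under Node.
// The keys and values are made up; they model what a site might keep there.
const fakeStorage = {
  items: { sessionToken: 'abc123', username: 'jsmith' },
  getItem(k) {
    return Object.prototype.hasOwnProperty.call(this.items, k) ? this.items[k] : null;
  },
  key(i) {
    const keys = Object.keys(this.items);
    return i < keys.length ? keys[i] : null;
  },
  get length() { return Object.keys(this.items).length; },
};

// What the injected script does: walk the origin's localStorage and
// serialise it for exfiltration (here it is only returned, not sent).
function dumpLocalStorage(storage) {
  const out = {};
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    out[k] = storage.getItem(k);
  }
  return JSON.stringify(out);
}

const payload = '<script>alert(1)</script>';
console.log(renderSearchUnsafe(payload));   // script lands in the page
console.log(renderSearchSafe(payload));     // &lt;script&gt;... is inert text
console.log(dumpLocalStorage(fakeStorage)); // what the attacker's script reads
```

Note that encoding has to match the context the data lands in: escapeHtml is correct for an element body or a quoted attribute, but not for a value dropped inside an existing script block or a URL.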



HTML5 Tips and Tricks for Developers


There is so much hype about HTML5 right now that it's hard to know what is currently useful, what may become useful and what is best avoided for the time being. Here is a by-no-means-complete list of helpful hints and tips for developers.

CSP - Content Security Policy


Whilst researching security in HTML5 I stumbled across a great article on Content Security Policy written by Mike West, which I will try to summarise! There was a lot of great stuff in there, so this is probably no shorter than his article!

CSP stands for Content Security Policy. The aim of the policy is to mitigate injection attacks (XSS in particular) faced by websites, by letting the server tell the browser which sources of script, style, images and so on the page is allowed to load. It is currently a 'Working Draft' from the W3C.
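As an added example (my own, not code from Mike West's article or from any browser), here is a small parser for a Content-Security-Policy header value together with the one question that matters most for the XSS case above: would an inline <script> injected into the page be allowed to run? It applies the rules that script-src falls back to default-src, that a browser keeps the first copy of a duplicated directive, and that 'unsafe-inline' is ignored once a nonce or hash source is present. The function names and the three sample policies are assumptions for this illustration.

```javascript
// Added example (not from the article): parse a CSP header and decide whether
// an inline <script> would execute. Function names and sample policies are
// assumptions for this illustration.

// Split "name src src; name src" into { name: [src, ...] }.
// Browsers keep the first occurrence of a directive and ignore repeats.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Script sources in force: script-src, else default-src, else unrestricted.
function effectiveScriptSources(policy) {
  if (policy['script-src']) return policy['script-src'];
  if (policy['default-src']) return policy['default-src'];
  return null;
}

// Would an inline <script> with no nonce and no matching hash run?
function inlineScriptAllowed(header) {
  const sources = effectiveScriptSources(parseCsp(header));
  if (sources === null) return true; // no directive governs scripts at all
  const hasNonceOrHash = sources.some(s => /^'(nonce-|sha(256|384|512)-)/i.test(s));
  if (hasNonceOrHash) return false;  // 'unsafe-inline' is ignored once nonces/hashes are used
  return sources.some(s => s.toLowerCase() === "'unsafe-inline'");
}

// Constructed sample policies: a weak one, a strict one, and a nonce-based one.
const policies = {
  weak:   "default-src 'self'; script-src 'self' 'unsafe-inline'",
  strict: "default-src 'self'",
  nonce:  "script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'",
};

for (const [name, header] of Object.entries(policies)) {
  console.log(name + ': inline script allowed = ' + inlineScriptAllowed(header));
}
```

The strict policy is the one that actually blunts the reflected payload from the search box: the injected <script>alert(1)</script> still lands in the HTML, but the browser refuses to execute it and reports a violation instead.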

HTML5 Classes

http://www.w3.org/html/logo/

HTML5 has loads of features, and these are grouped under their own headings called classes. The classes are labelled Semantics, Multimedia, 3D Graphics & Effects, Device Access, Connectivity, Offline & Storage, and Performance & Integration.

Everything that HTML5 now offers comes somewhere under one of these classes, except the few that have no home... a bit like the left-over screws when you've finished a flat-pack!

HTML5 Features Overview


HTML5 has introduced many neat features, so here is a quick overview of a few of them! To see which of these features your browser supports, check out html5test.com.

Checking for HTML5 Input type support


Every time a web page is rendered in a browser, a DOM is created. This Document Object Model represents all the HTML elements of the page, and every element is represented in the DOM by a different object. All DOM objects share a set of common properties, but some objects have more than others. In browsers that support HTML5, certain objects will have unique properties, so a quick look at the DOM will tell you which features are supported. There are 4 basic techniques for detecting individual features, which will be discussed.
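Two of those techniques, shown as an added example (not code from the original post): checking whether a property exists on a freshly created element, and setting an input's type then reading it back, because a browser that does not recognise a type silently falls back to "text". The function names and the constructed document stand-in are assumptions for this illustration; in a real page you pass the browser's own document.

```javascript
// Added example (not from the original post): DOM-based feature detection
// for HTML5 input types and properties. Function names and the constructed
// document stand-in are assumptions; in a browser, pass `document`.

// Technique 1: does a new <input> expose the property at all?
function supportsInputProperty(doc, prop) { // e.g. 'placeholder', 'autofocus'
  return prop in doc.createElement('input');
}

// Technique 2: set the type, read it back. Unknown types revert to "text".
function supportsInputType(doc, type) {   // e.g. 'email', 'date', 'range'
  const input = doc.createElement('input');
  input.setAttribute('type', type);
  return input.type === type;
}

// Constructed stand-in for a browser document that knows a fixed set of
// input types and properties, so this runs under Node without a DOM.
function makeFakeDocument(knownTypes, knownProps) {
  return {
    createElement(tag) {
      if (tag !== 'input') throw new Error('stand-in supports only <input>');
      const el = { _type: 'text' };
      for (const p of knownProps) el[p] = '';
      el.setAttribute = function (name, value) {
        // Mirrors real browser behaviour: unrecognised types fall back to text.
        if (name === 'type') this._type = knownTypes.includes(value) ? value : 'text';
      };
      Object.defineProperty(el, 'type', { get() { return this._type; } });
      return el;
    },
  };
}

// A pre-HTML5 browser versus one with the newer types and placeholder support.
const legacyDoc = makeFakeDocument(['text', 'password', 'checkbox'], []);
const html5Doc  = makeFakeDocument(['text', 'email', 'date', 'range'], ['placeholder']);

for (const type of ['email', 'date', 'range']) {
  console.log(type + ': legacy=' + supportsInputType(legacyDoc, type) +
              ' html5=' + supportsInputType(html5Doc, type));
}
```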

HTML5 Input types


HTML4 has many input types... HTML5 has many MORE! This post will go through the new input types.

What is HTML5?


HTML5 is one of the new buzzwords popping up in many conversations of late. In this blog post we will delve into where it came from and where it is going.