Securing and Attacking the HTML5 Landscape

Knoxville InfraGard Chapter Meeting

Securing and Attacking the HTML5 Landscape will be the topic of this InfraGard Knoxville chapter meeting on Thursday, May 22 from 11:30 am - 1:00 pm at Fountainhead College. This meeting is free and open to the public.

Our guest speaker will be Blake Hitchcock of Cisco Systems, Inc. He describes his talk as follows:

“Though HTML5 is still in Candidate Recommendation status, many of the proposed features are well supported by the major browser vendors and are becoming more and more common in web applications. As with any new feature set, HTML5 introduces a new class of vulnerabilities and exploit possibilities. It also provides functionality that, when used properly, can harden the security of web applications. This talk will focus on features such as Web Messaging, CORS, client Storage APIs, sandboxing, HTTP security headers, and other topics of interest related to HTML5 security. I will discuss how to use these features securely as well as how to attack and assess the security of an application using these technologies.”

Blake Hitchcock has been building and breaking web applications for 4 years with Cisco. He loves writing in Ruby and JavaScript, and 'Burp' is not just something he does after a few too many kielbasas. When he's not doing web stuff, Blake enjoys fitness, good food, sports, and cheering for his beloved Volunteers.

InfraGard Knoxville Members Alliance

The mission of the InfraGard East Tennessee Members Alliance is to educate and inform our region's businesses, organizations, law enforcement agencies, educational institutions, and private citizens on issues surrounding cybercrime and security. The East Tennessee InfraGard Chapter is a 501c nonprofit organization and is one part of a national networked organization called InfraGard.

