AppSecUSA 2012 has ended
Thursday, October 25 • 2:00pm - 2:45pm
Hacking with WebSockets

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

HTML5 isn't just for watching videos on your iPad. Its features may be the target of a security attack as much as they may be used to improve an attack. Vulnerabilities like XSS have been around since the web's beginning, but exploiting them has become increasingly sophisticated.
HTML5 features like WebSockets are part of the framework for controlling browsers compromised by XSS.

This presentation provides an overview of WebSockets: How they might increase the attack surface of a web site, their implications for privacy, and the potential security problems with protocols tunneled over them. Then it demonstrates how WebSockets can be used as an effective part of a hacking framework.

It closes with recommendations for deploying WebSockets securely, applying security principles to web app design, and providing a tool for exploring WebSockets security.

avatar for Vaagn Toukharian

Vaagn Toukharian

Senior Software Engineer, Qualys
Senior Software Engineer for Qualys's Web Application Scanner. Was involved with security industry since 1999. Experience includes work on Certification Authority systems, encryption devices, large CAD systems, Web scanners. Outside of work interests include IronMan triathlons... Read More →

Thursday October 25, 2012 2:00pm - 2:45pm CDT
NTObjectives Room - Texas Ballroom II Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704

Attendees (0)