HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 39 guests and 2 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow HTML5 vulnerability assessment tool
EH-Net
May 21, 2013, 04:05:50 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: HTML5 vulnerability assessment tool  (Read 7202 times)
0 Members and 1 Guest are viewing this topic.
H1t M0nk3y
Hero Member
*****
Offline Offline

Posts: 864



View Profile
« on: August 25, 2011, 02:45:42 PM »
Hey,

I have been thinking for a while about creating a tool that you can point at a web page and it would go through it to search for HTML5 vulnerabilities. I searched a bit a couldn't find a tool that would do something like that.

But I am sure some commercial vulnerability scanner would this and many more things. So do you know about web app scanner that do that?

Is it worth the effort of writing such a tool?

Thanks for your feedback.
Logged
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
dropper
Newbie
*
Offline Offline

Posts: 3



View Profile
« Reply #1 on: August 25, 2011, 03:20:30 PM »
Hi,

Do you mean client (cross-domain information leakage, etc.) or server side vulnerabilities (like xss with HTML5 tags)?

 In my mind at lot of the server-side vulnerabilities are just permutations of what is already known.  In my humble opinion, it would be fairly easy to patch already existing software to search for these vulnerabilities.  It is the client side issues, like SQLI on the client, that seem to be relatively new ground.

I would be interested in contributing code. I'm looking forward to seeing what everybody else turns up. 
Logged
tturner
Sr. Member
****
Offline Offline

Posts: 432


View Profile WWW
« Reply #2 on: August 25, 2011, 04:05:43 PM »
are we talking vulnerabilities or "features"? Smiley
Logged
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
H1t M0nk3y
Hero Member
*****
Offline Offline

Posts: 864



View Profile
« Reply #3 on: August 26, 2011, 09:29:49 AM »
Yes, looking at "features"  Cheesy

I was more looking at a tool doing code review. Having a tool looking at bad code and proposing fixes. Sothing like "instead of write this line this way, why don't you do that?".

To help the developers find possible vulnerabilities in their code before they release it in prod.

But this is probably not that useful...  Undecided
Logged
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
rance
Full Member
***
Offline Offline

Posts: 212


<censored>


View Profile
« Reply #4 on: August 29, 2011, 10:28:50 AM »
Quote from: H1t M0nk3y on August 26, 2011, 09:29:49 AM
But this is probably not that useful...  Undecided

Only because a developer probably wouldn't be caught dead using such a tool.    Grin
Logged
Poking at security since 1986.  +++ATH
H1t M0nk3y
Hero Member
*****
Offline Offline

Posts: 864



View Profile
« Reply #5 on: August 29, 2011, 10:50:18 AM »
You're so right rance, developers don't know anything about security, yet alone security tools.

Ok, I will put my very little free time against something more useful.

Thanks for the replies guys
Logged
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
rance
Full Member
***
Offline Offline

Posts: 212


<censored>


View Profile
« Reply #6 on: August 29, 2011, 11:01:12 AM »
I'm behind ya on an HTML5 exploit tool, though! Smiley
Logged
Poking at security since 1986.  +++ATH
dbest
Jr. Member
**
Offline Offline

Posts: 79


View Profile
« Reply #7 on: September 03, 2011, 12:54:08 PM »
While there is no harm in writing a tool to help developers check for weaknesses in their code, the use might be limited.
I would say, if you think that it will benefit at least a few people out there, why not go for it.

Also, an exploit would be cool too.
Logged
CISM, CEH, CISA, ISO 27001 LA
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.112 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.