Introduction to HTML5 Security

Course Description

This course focuses on the weaknesses and strengths of HTML5. Learners will learn how attackers abuse legitimate interaction patterns within the browser and how they can use various browser mechanisms for security. By the end of this course, learners will understand the security model of the web, enabling them not only to spot potential security issues but also to implement appropriate defenses.

Course Themes

  • New HTML5 features
  • Browser security controls
  • Front-end architecture
  • Browsing contexts and interaction patterns
  • Scriptless injection attacks

Learning Objectives

  • Explain the isolation boundaries enforced by modern browsers.
  • Securely enable limited interactions between isolated contexts.
  • Understand how UI redressing and tabnabbing attacks work and how to defend against them.
  • Implement defenses to neutralize dangerous attributes of HTML5 forms.
  • Understand how client-side storage mechanisms enlarge the attack surface.
  • Illustrate the danger of injection vulnerabilities using payloads other than script injection.

Details

Delivery Format: eLearning

Duration: 75 Minutes

Level: Beginner

Intended Audience:

  • Front-End Developers
  • Back-End Developers
  • Architects

Competencies: Understanding of HTML and JavaScript; knowledge of OWASP Top 10 useful but not necessary

Prerequisites:

Get more course information


250 / 250