HTML5: Risky Business or Hidden Security Tool Chest for Mobile Web App Authentication
- Monday, January 13th, 2014 at 1:00 PM EST (18:00:00 UTC)
- Johannes Ullrich
You can now attend the webcast using your mobile device!
The term "HTML5" encompasses a number of new subsystems that are currently being implemented in browsers. Most of these were created with a focus on functionality, not security. But the impact of these features is not all negative for security. Quite the oposit. New abilities to store data on the client, or having access to hardware sensors like geolocation and tilt sensors have the ability to enhance session tracking and make authentication more secure and easier to use. This talk will select a number of examples to demonstrate the positive, as well as sometimes negative, impact of these features for web application security. Code samples for any demonstrations will be made available.
Johannes Ullrich, PhD
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.