[Owasp-testing] Testing Guide V4 - Start up

rick.mitchell at bell.ca
Tue Sep 25 13:57:02 UTC 2012


Has anyone put any thought into test cases for HTML5 localStorage [1,2] or web sockets [3,4,5]? I also recall reading some articles last year that suggested there were weaknesses in the Cross-origin resource sharing (CORS) implementation (draft spec).

I sadly haven't had lots of time to look into these but I can foresee various security issues related to such technology.

[1] http://www.w3schools.com/html/html5_webstorage.asp
[2] http://diveintohtml5.info/storage.html

[3] http://dev.w3.org/html5/websockets/
[4] http://en.wikipedia.org/wiki/WebSocket
[5] http://net.tutsplus.com/tutorials/javascript-ajax/start-using-html5-websockets-today/




From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Juan Galiana
Sent: September 13, 2012 4:47 AM
To: owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Testing Guide V4 - Start up

I've moved "Directory traversal/file include" from Authentication to Authorization as this section is more appropriate.

And I've added HTML5 as a subsection of Client Side Testing to cover specific vulnerabilities of HTML5 like XMLHttpRequest Level 2 cross-domain security issues.

I wrote my name under some sections too.

