Pulling The Plug: Security Risks In The Next Generation Of Offline Web Applications

Presented at ShmooCon 2011 by

Michael Sutton discussed “Security Risks in the Next Generation of Offline Web Applications.” Two main topics of interest were Google Gears and HTML5. Sutton said that Google did not intend to compete with HTML5; however, Google did develop Google Gears as a web application. In 2007, Google dropped “Google” from the name so that Gears might attract a wider audience. Gears has three main components: a local web server, a full relational database, and a client-side database. Sutton continued with a detailed demonstration of a variety of real-world vulnerabilities that have been uncovered, including a new class of cross-site scripting and client-side SQL injection.