The Securing HTML5 Assessment Resource Kit, or SH5ARK, is an open source project that provides a repository of HTML5 features, proof-of-concept attack code, and filtering rules. The purpose of this project is to provide a single repository that can be used to collect sample code of vulnerable HTML5 features, actual attack code, and filtering rules to help prevent attacks and abuse of these features. The intent of the project is to bring awareness to the opportunities that HTML5 is providing for attackers, to help identify these attacks, and to provide measures for preventing them.
The SH5ARK repository includes a description and sample code for each vulnerable HTML5 feature, together with proof-of-concept attack code. Filtering rules are also provided for blocking each of the HTML5 features and attacks, along with a web page that describes each filter and provides the ability to test the code. The SH5ARK repository can be installed onto Ubuntu with Apache and mod_security to test the HTML5 features, attacks, and filtering rules.
The SH5ARK repository is maintained as an open source project on SourceForge, located at http://sourceforge.net/p/sh5ark, and can be downloaded, along with additional files and instructions for installing onto Ubuntu, at the Download link above.
Current Release: 1.0, released September 11, 2012
Format: Compressed tar files (.tgz) or via SVN
Operating System: Set up for Ubuntu Linux LTS 10.04 (code is not OS dependent)
Project Lead: Tony DeLaGrange