Client Side Vulnerabilities / HTML5 Storage Manipulation (DOM-Based)
Description
HTML5 storage manipulation (DOM-based) is a client-side attack in which an attacker manipulates a web application's HTML5 Storage, also known as DOM Storage. DOM Storage is a browser-based mechanism for storing client-side data; it has a higher capacity than cookies and is supported by all modern browsers. An attacker who can manipulate a web application's DOM storage can use it to access, modify, or delete sensitive data. The Common Weakness Enumeration (CWE) directory identifies this vulnerability as CWE-284, Improper Access Control, and the Open Web Application Security Project (OWASP) Testing Guide categorizes it as part of the Injection section.
Risk
HTML5 storage manipulation (DOM-based) is a high-risk vulnerability: attackers can exploit it to access, modify, or delete sensitive data, which can lead to significant costs to repair and recover the data, as well as potential reputational damage.
Solution
The best way to prevent HTML5 storage manipulation (DOM-based) is to ensure that proper access control is in place. This can be achieved by validating all data that is stored in HTML5 Storage, as well as input from other sources such as cookies. The application should also have a secure mechanism in place to detect and prevent malicious data manipulation.
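The validation described in the Solution, as an added example that is not part of the original page: a wrapper that checks keys and values against an allowlist before writing to storage and again when reading back, discarding entries that were changed behind its back. The SCHEMA keys, their validators, the sample query string and the in-memory stand-in for localStorage are assumptions made for illustration.

```javascript
// Allowlist of storage keys and validators (hypothetical; adapt to the app's data).
const SCHEMA = {
  theme: (v) => ["light", "dark"].includes(v),
  pageSize: (v) => /^[0-9]{1,3}$/.test(v) && Number(v) >= 1 && Number(v) <= 100,
};

function isValid(key, value) {
  return Object.hasOwn(SCHEMA, key) && typeof value === "string" && SCHEMA[key](value);
}

// Write path: refuse unknown keys and malformed values before they reach storage.
function safeSet(storage, key, value) {
  if (!isValid(key, value)) return false;
  storage.setItem(key, value);
  return true;
}

// Read path: stored data is untrusted as well (another script or a user may have
// changed it), so re-validate, drop bad entries and fall back to a safe default.
function safeGet(storage, key, fallback) {
  const value = storage.getItem(key);
  if (value === null) return fallback;
  if (isValid(key, value)) return value;
  storage.removeItem(key); // detected manipulation: discard the entry
  return fallback;
}

// Constructed in-memory stand-in for localStorage so this runs outside a browser.
function makeMemoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}

function demo() {
  const store = makeMemoryStorage();
  // Constructed URL-derived input; "role" is not an allowlisted key.
  const params = new URLSearchParams("theme=dark&role=admin&pageSize=25");
  const written = {};
  for (const [k, v] of params) written[k] = safeSet(store, k, v);
  // Simulate a direct write that bypasses the wrapper.
  store.setItem("theme", "<unexpected markup>");
  const theme = safeGet(store, "theme", "light");
  return { written, theme, pageSize: safeGet(store, "pageSize", "20"),
           themeRemoved: store.getItem("theme") === null };
}
```

In a browser, pass `window.localStorage` or `window.sessionStorage` as the `storage` argument in place of the in-memory object.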