Solved

HTML5 Vulnerabilities

Posted on 2010-09-17
4
763 Views
Last Modified: 2013-11-19
With HTML5 being such an innovation in the dynamic internet, what is to prevent it from opening such a larger attack surface for users?

I would assume that since so many dynamic elements are implemented in HTML5 to replace things such as flash, wouldn't more people be more vulnerable?
0
Comment
Question by:twcadmin
4 Comments
 
LVL 5

Accepted Solution

by:
bupper earned 225 total points
ID: 33703127
It is up to the individual browser to protect the user from attacks. Some browsers are more secure than others -- for example, Mozilla Firefox has a good track record.

In general though, HTML5 would indeed open a larger surface for attacks, and the browsers are hopefully taking note and taking appropriate measures. Here is a good article on this:
http://www.pcworld.com/businesscenter/article/203794/html5_raises_new_security_issues.html
0
 
LVL 62

Assisted Solution

by:btan
btan earned 200 total points
ID: 33707568
Client-side storage - Earlier versions of HTML only allow sites to store cookies as local information, and these are relatively small and only useful for storing simple profile information or identifiers for data stored elsewhere, such as a session ID. HTML5 LocalStorage, however, allows much greater amounts of data to be stored locally by the browser, permitting new types of applications.

I always see it as Security (assurance needs) Vs Convenience (operational needs)

Cross-domain communication - While other versions of HTML would only allow JavaScript to make XML HTTP request calls back to the original server, HTML5 has relaxed this restriction so that XML HTTP requests can be made to any server that allows them.

Iframe security - support a sandbox attribute for iframes but this design, like much of HTML, has a pretty high chance of being misunderstood by developers and may easily be disabled for the sake of convenience.

Pls also see this link for more of it
http://www.networkworld.com/news/2010/082010-html5-raises-new-security.html
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 75 total points
ID: 33710671
0
 
LVL 5

Author Closing Comment

by:twcadmin
ID: 33825359
Thanks for the thoughts and resources.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Get to know the ins and outs of building a web-based ERP system for your enterprise. Development timeline, technology, and costs outlined.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question