New Security Challenges from HTML5


As  HTML5 is gaining in popularity, subsequently new web applications are being created on a daily basis, however in terms of security new challenges are also being created particularly for enterprise security professionals.

The predictions for 2012,  from the HTML5 technology as it introduces new capabilities for rich web application, nevertheless new possible attack gates may be created in combination.

From the HTML4 this technology has powered most of the web for many years, as it consists of a low capability programming language, as a result developers have added and complemented it by embedding programming interpretive objects such as JavaScript, Flash, among others. In terms of security these objects are capable of compromising users as they can inject and manipulate vulnerabilities which in turn made the whole system very insecure.

With HTML5 the requirement to have these embedding objects are almost non existent, as this language and standards has already all functionality and capabilities built in, thus no need to use any of the interpretive objects.

With this new rich capabilities these include a full database that enables users to store gigabytes of information.  As an example, developers and users can execute and process full frame animation, 3D virtual reality or store applications inside the browser.

As a consequence from this technology, in terms of security by allowing to  store data within the browser, the browser itself can become a target and a tool for cyber criminals.

Furthermore, new sandboxing in HTML5 also makes "clickjacking" (tricking web users into revealing confidential information or taking control of their computer while clicking on a seemingly innocuous link) more of a risk, as web pages are no longer able to identify where commands are coming from. HTML5 from its new capabilities around cookies manipulations, which could make the removal of cookies after a certain period redundant.

If developers don't code their sites properly the security implications are that bad code may be run under a huge database of the URLs that users have been to and track all of users field input all from the browser.

Despite these new security challenges problems, there are also security benefits. These include: A reduction of the need for unverified add-ons, furthermore with HTML5 there is the capability for client-side input validation, as well as libraries that can help deal with SQL injection challenges.

Popular posts from this blog

Skype Improves Functionality on User Experience Chat Syncing History

Image
For frequent users of Skype  the user experience on a smartphone and desktop are not always the same, particularly when following up on past chat messages as there was no functionality to be able to sync chat history between the two technology platforms.  As a result, users always felt this shortcoming was quite inconvenient, where chat messaging was not syncing between different devices and desktops despite being the same application logs.   Another working inconvenience for mobile users experience is that if a user has many contacts it can take quite a long time updating previous alerts and old chat messages to appear at the point where the user last logged in into the software application platform. Furthermore, it may take quite many minutes even before the application becomes operational from the latest updated content and communications, of which depending when a user last logged in all the history has to occur in a repetitive manner and in some cases the date and history log
Read more

Great Free Web Resources to Develop and Test Code for Projects

Image
We have compiled our favourite list of great Free online editors for code development and testing for simplicity ease of use. This is a great resource particularly for web developers and anyone else just trying or learning how to easily test HTML, Javascript or CSS technologies before implementation. "Put a HTML file online, quickly and with no registration. Use it as a sandbox for playing with CSS and Javascript." Test HTML, Javascript and CSS without creating file or uploading to servers. "Online compiler/interpreter, and a simple collaboration tool." " Code Playground" "Online compiler and debugging tool which allowsto compile and run code online in more than 40 programming languages." "Online editor for snippets build from HTML, CSS and JavaScript. The code can then be shared with others, embedded on a blog, etc." "Vivid environment for developers to showcase th
Read more

Google Friend Connec

Google Friend Connects with Twitter: After Yahoo! announced that they will soon implement Facebook Connect acr.. http://tinyurl.com/ylngnrj
Read more

Email Spam Contact Management Tools

Image
These days, many people and businesses tend to receive many email however many do not use dedicated tools to help separate genuine personalised emails to general and annoying emails. In this post, we have selected tools to enable people and businesses achieve a clean and sustainable inbox for their incoming emails. These tools may not be appropriate to all businesses, depending on the nature of the business, however it is worth a consideration for those businesses that feel inundated with tons of daily unwanted emails. "Unsubscribe from unwanted email subscriptions, discover new ones and organize them all in one place. " Unroll   "Hide your address from spammers, companies, others." Sneakemail   "Hosted security and archiving services" Google Postini   "Remove all the spam (and other unwanted email)before it gets to your computer" MailWasher   Not free, but good provider. SpamHero
Read more