The security benefits and pitfalls of using HTML5 for web apps

News Analysis

The security benefits and pitfalls of using HTML5 for web apps

"HTML5 provides new ways to create highly interactive sites and explicitly addresses more security that its predecessors.

"Browser databases and changes to the Same Origin Rule help developers create more advanced sites. But new elements and new features may introduce new script injection (XSS) attacks. They also add new code to the browser, which may have bugs that can be exploited to spread malware or attack the desktop.

"HTML5 also entwines privacy and security more closely. Browsers finally stopped supporting the terribly insecure SSLv2 only within the past few years, in spite of some websites still having it configured. Now it's up to websites to start applying SSL (HTTPS) more rigorously. As browsers become the primary means of storing, sharing and manipulating information - whether financial, medical, professional, or social - the necessity of encrypting that traffic increases.

"The best ways to protect your browser are to keep it up to date - along with its plug-ins. And to be wary of using public wi-fi networks when you want to visit sites that don't strictly enforce HTTPS throughout its pages."

Mike Shema, security research engineer at Qualys

Back to feature

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy