News Analysis

The security benefits and pitfalls of using HTML5 for web apps

"HTML5 provides new ways to create highly interactive sites and explicitly addresses more security that its predecessors.

"Browser databases and changes to the Same Origin Rule help developers create more advanced sites. But new elements and new features may introduce new script injection (XSS) attacks. They also add new code to the browser, which may have bugs that can be exploited to spread malware or attack the desktop.

"HTML5 also entwines privacy and security more closely. Browsers finally stopped supporting the terribly insecure SSLv2 only within the past few years, in spite of some websites still having it configured. Now it's up to websites to start applying SSL (HTTPS) more rigorously. As browsers become the primary means of storing, sharing and manipulating information - whether financial, medical, professional, or social - the necessity of encrypting that traffic increases.

"The best ways to protect your browser are to keep it up to date - along with its plug-ins. And to be wary of using public wi-fi networks when you want to visit sites that don't strictly enforce HTTPS throughout its pages."

Mike Shema, security research engineer at Qualys

Back to feature


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy