Friday, December 9, 2011
Security in HTML5's all new features have generated quite a lot discussion lately in different internet forums. There have been comments on both good and bad sides of the new features and some discussions have turned into debates whether it should be the specifications or the coders responsibility to make their web pages safer.
In my opinion, as a coder, it is always a good thing to know about the security side of different web technologies, whether they are safe or not.
The best analyses I have found so far on HTML5 security are the following reports:
ENISA (European Network and Information Security Agency) have published a 60 pages long security analysis of next generation web standards, in which they address 51 security threats in detail. Full report available here.
Also a research report by Trend Micro issues similar threats and presents an example scenario on generating a botnet with HTML5 technologies.
Another good sites to find out more about HTML5 security are http://html5sec.org/ and HTML5 Security Cheatsheet Project websites.