How web security will change with HTML5

Here’s an article with musings on potential security1 issues of The Web’s favorite new buzzword, HTML5.

Before you get too excited about breaking the spec, consider this bit:

The most dangerous security problems won’t be due to features of HTML5. Too many experienced people have been working on the specs to leave egregious errors in the design or in browsers’ implementation of it. The worst problems will come from developers who rush into new technologies without remembering sins of the past. It’s far too easy to fall into the trap of trusting data from the browser just because some hefty JavaScript routines have been assumed to perform all sorts of security validation on the data.

I can’t post the original article here because Mashable’s evil contract means I no longer have any rights to it. (Give us your content for free and receive Exposure!) I obviously agreed to these terms; hopefully they serve Mashable and me well.

If you’d like to hear more about HTML5 along with more technical details, stick around. There’s plenty to talk about!



Published by Mike Shema

Mike works with product security and DevSecOps teams to build safer applications. He also writes about information security, with an infusion of references to music (80s), sci-fi (apocalyptic), and horror (spooky) to keep the topics entertaining. He hosts the Application Security Weekly podcast.

%d bloggers like this: