New Security Challenges from HTML5

{EAV:843e6150f0160f62}

HTML5

As  HTML5 is gaining in popularity, subsequently new web applications are being created on a daily basis, however in terms of security new challenges are also being created particularly for enterprise security professionals.

The predictions for 2012,  from the HTML5 technology as it introduces new capabilities for rich web application, nevertheless new possible attack gates may be created in combination.

From the HTML4 this technology has powered most of the web for many years, as it consists of a low capability programming language, as a result developers have added and complemented it by embedding programming interpretive objects such as JavaScript, Flash, among others. In terms of security these objects are capable of compromising users as they can inject and manipulate vulnerabilities which in turn made the whole system very insecure.

With HTML5 the requirement to have these embedding objects are almost non existent, as this language and standards has already all functionality and capabilities built in, thus no need to use any of the interpretive objects.

With this new rich capabilities these include a full database that enables users to store gigabytes of information.  As an example, developers and users can execute and process full frame animation, 3D virtual reality or store applications inside the browser.

As a consequence from this technology, in terms of security by allowing to  store data within the browser, the browser itself can become a target and a tool for cyber criminals.

Furthermore, new sandboxing in HTML5 also makes “clickjacking” (tricking web users into revealing confidential information or taking control of their computer while clicking on a seemingly innocuous link) more of a risk, as web pages are no longer able to identify where commands are coming from. HTML5 from its new capabilities around cookies manipulations, which could make the removal of cookies after a certain period redundant.

If developers don’t code their sites properly the security implications are that bad code may be run under a huge database of the URLs that users have been to and track all of users field input all from the browser.

Despite these new security challenges problems, there are also security benefits. These include: A reduction of the need for unverified add-ons, furthermore with HTML5 there is the capability for client-side input validation, as well as libraries that can help deal with SQL injection challenges.

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot

{ 1 comment }

New Weekly TV Show

A new show is being started by YODspica TV. The show will go live sometime in September or October, it will include speacial guests, reviews on latest technology, social media tools and business interviews with discussions about Wales as a place to do business. Furthermore, it will be a new way of promoting local talent and local entrepreneurs by providing them a cost effective way of reaching a larger audience.

As a result, Wales will have a new offering of promotion for the country as the show will also include introductions, opinions and local market expertise for all viewers either interested in visiting the country or investing via partnerships or opening doors.

The will show will be presented by UK Entrepreneur, Elio Assuncao.

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot

{ 0 comments }

News Feed Optimization on Facebook

February 26, 2011

Photo by ZeRo`SKiLL The news feed on Facebook is quite important to gain good ratings by facebook .  Furthermore, the feed can be customized following  its network and its patterns of activity, including how your friends they interact statistically with your news feed.  The news feed on facebook presents users with the top posts from [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

Why RSS Auto Posts on Social Media is Wrong

February 22, 2011

Photo by thinkpublicBusinesses are now noticing and starting to invest more on social media marketing in 2011, however not all are embracing the new media seriously or following the correct procedures in order to gain the most from this growing people phenomenon. Many are still cautious and require much beginner’s experimentation before accepting and understanding [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

Cloud Connect Makes Life Easier For Google Search Appliance Users

October 18, 2010

Photo by ivanpwGoogle Search Appliance Enterprise,  is a feature which can index any enterprise data generated by Oracle databases, SAP systems, SharePoint, Salesforce.com, HR systems, intranets, wikis, etc.  Based on this technology company employees have the capability of using a well recognised Google interface. The news is that Google is now updating GSA thus providing [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

Windows Phone 7 “The World Doesn’t Need Another Platform” says Android

October 9, 2010

Photo by jeffwilcoxPC Magazine posted earlier an interesting interview with Android chief Andy Rubin.  From the interview it was mentioned the Android rivals. It was well noted a particular emphasis with regards to Microsoft’s upcoming Windows Phone 7.  It was stated by Andy Rubin  “the world doesn’t need another platform.” Furthermore, it was stated that [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

MySpace Presents New Logo

October 9, 2010

It was recently presented at the Warm Gun Design conference in San Francisco that MySpace has a new logo. The new logo simply designed by having the word “my” in Helvetica and then a symbol delineating a space.  The MySpace’s Mike Macadaan stated the reasoning behind: “MySpace is a platform for people to be whatever they [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

Excellent Free Business Web Tools

October 6, 2010

Photo by carlaarenaWe present in this post a collection of excellent free business tools available for you today that can benefit any business type and regardless of its size. One Hub Onehub is a website that makes online collaboration easier. It allows you to manage projects, share files and collaborate with others in a quick, [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

All Computers May be Blocked to Connect to the Internet, Initially.

October 6, 2010

Photo by xeniAn idea to block malicious computers was presented by a senior researcher from Microsoft.  It follows that risky computers may be blocked from connecting to the internet due to threat that these present to the entire web infrastructure. This idea is mainly intended to address the security issue that botnets – networks of [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

Best Web Analytics Tools

October 4, 2010

Photo by noodlepieIt is so easy for many people to become undecided or not knowing which are the best web analytics tools that are available across the web. Here we provide our selection of the best web analytics tools, from which you can use to analyze full statistics of any of your websites. We have [...]

  • LinkedIn
  • Twitter
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Digg
  • Diigo
  • DZone
  • FriendFeed
  • Google Buzz
  • Identi.ca
  • Mixx
  • MySpace
  • del.icio.us
  • Tipd
  • Ping.fm
  • Reddit
  • Slashdot
Read the full article →

← Previous Entries