Why HTML 5 Could Present Web App Security Risk


In my post about the potential security problems with Google's Chrome OS, I added a quote that says that Chrome's use of HTML 5 may be a target of hackers.

So, what's the issue with HTML 5?

For a little background, one purpose behind HTML 5's development is to reduce the need for proprietary, plug-in-based rich Internet technologies, such as Adobe Flash and Sun's JavaFX. HTML 5 will allow Web developers to do a lot more.

Michael Calore wrote in his blog on Webmonkey about HTML 5:


"It defines rules for presenting video, audio, mathematical equations, complex layouts, 2-D animations and non-standard typefaces. Each bit of technology has its own working group within the W3C chartered with developing that one component."

However, the IT consultants at Denim Group said this:


"HTML 5 has a variety of new capabilities that can erode previously established security controls. While developers are building more ambitious applications using these new capabilities, many development teams will not consider the associated security risks of exposure of HTML 5-based web applications until after their deployment."

Denim Group's CTO Dan Cornell told me that developers need to have a good understanding of how the technology works in order to keep it secure. "With the cross-domain capabilities being added in, the applications are going to interact with code and behavior from other sites, outside of your control. So when designing applications, it's important for developers to understand the architecture so they can build trust boundaries and build their application in such a way that when a decision crosses the trust boundary, the data is validated. It's essential to know where data is stored and where data decisions are being made so the developer knows what kind of coding to do to keep the information secure."
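
As an added illustration of Cornell's point (not code from this post or from Denim Group), the sketch below takes one of HTML 5's cross-domain features, cross-document messaging via `window.postMessage`, and validates data at the point where it crosses the trust boundary. The origin, message type and field names are hypothetical.

```javascript
// Added example; the origin, message type and field names are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://widgets.partner.example"]);

// One schema per message type; each field maps to a strict validator.
const SCHEMAS = {
  "price-update": {
    sku: (v) => typeof v === "string" && /^[A-Z0-9-]{1,32}$/.test(v),
    cents: (v) => Number.isInteger(v) && v >= 0 && v <= 10000000,
  },
};

function validateMessage(event) {
  // 1. Authenticate the sender with an exact origin match (no substring tests).
  if (!ALLOWED_ORIGINS.has(event.origin)) {
    return { ok: false, reason: "untrusted origin" };
  }
  // 2. Accept only a bounded JSON string as the envelope.
  if (typeof event.data !== "string" || event.data.length > 4096) {
    return { ok: false, reason: "bad envelope" };
  }
  let msg;
  try {
    msg = JSON.parse(event.data);
  } catch (err) {
    return { ok: false, reason: "not JSON" };
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return { ok: false, reason: "bad shape" };
  }
  // 3. Look the type up as an own property so "__proto__" cannot match.
  const known = typeof msg.type === "string" &&
    Object.prototype.hasOwnProperty.call(SCHEMAS, msg.type);
  if (!known) return { ok: false, reason: "unknown type" };
  // 4. Copy only validated fields; anything else the sender added is dropped.
  const clean = { type: msg.type };
  for (const [field, isValid] of Object.entries(SCHEMAS[msg.type])) {
    if (!isValid(msg[field])) return { ok: false, reason: "invalid field: " + field };
    clean[field] = msg[field];
  }
  return { ok: true, value: clean };
}

// Browser wiring: application logic only ever sees the validated copy.
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = validateMessage(event);
    if (result.ok) console.log("accepted", result.value);
  });
}
```

The validator is a pure function of the event's `origin` and `data`, so it can be unit-tested outside a browser with constructed event objects.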