HTML5 Security Concerns Complicate Deployment Plans

Stephen Yagielowicz

Recent questions surrounding the security of HTML5 and 13 other new technologies currently under development have sparked demands to address these flaws before coding standards are ratified.

According to a report from the European Network and Information Security Agency entitled “A Security Analysis of Next Generation Web Standards,” portions of increasingly popular programs and applications, including browsers using the fledgling HTML5 standard — being adopted by many adult websites — pose security concerns.

The standards which govern the browser are currently undergoing a major upgrade.

For example, ENISA calls the web browser the most security-critical component in our information infrastructure and the channel through which most information passes — as such, it is seizing what it calls “a unique chance to make detailed recommendations for improvements to browser security before they become non-negotiable for years to come,” — attempting to influence the finalization of impending coding standards.

“The standards which govern the browser are currently undergoing a major upgrade,” ENISA notes. “This includes HTML5, cross-origin communication standards such as CORS and standards for access to local data such as geo-location.”

All together, details of 50 security threats and issues are identified in the report.

The report’s co-editor, Giles Hogben, says that many of these technical specifications are reaching “a point-of-no-return. For once, we have the opportunity to think deeply about security — before the standard is set in stone, rather than trying to patch it up afterwards. This is a unique opportunity to build in security-by-design.”

Some of the concerns noted in the report include formsubmission vulnerabilities and unauthorized access to sensitive information; problems with security policies; operating system permission management; “click-jacking;” and more.

“An important conclusion of this study is that significantly fewer security issues were found in those specifications which have already undergone detailed security review,” co-editor Marnix Dekker added. “This demonstrates the value of in-depth security reviews of up-coming specifications.”

The developing HTML5 standard, already embraced by many adult operators, continues to make progress towards ratification and is expected to be finalized in 2014.

Related:  

More Articles

educational

S2S Postbacks: Getting Ad Stats in 1 Place

Juicy Jay ·
opinion

Tips to Master Customer Subscription Retention

Cathy Beardsley ·
opinion

A Primer on How to Integrate Paysite Processing

Jonathan Corona ·
educational

Trademark Ruling a Victory for Adult Products, Services

Marc Randazza ·
profile

Q&A: Rich Girls CEO Cristina Enriches Cam Models

Alejandro Freixes ·
profile

Q&A: LiviaChoice Embraces Grand Camming Destiny

Alejandro Freixes ·
opinion

Refined Protocols Reduce STI Risks for Performers

Eric Paul Leue ·
educational

Camming 101: Establish Boundaries to Keep the Fantasy Alive

Steve Hamilton ·
profile

Nikki Night Forges Cam Model Excellence

Alejandro Freixes ·
educational

Ethical Camming Inspires a Cultural Revolution

Mia Saldarriaga ·
Show More