Highlights of HTML5 security issues that require architects to put HTML5 security first

Source: Internet
Author: User

New capabilities also bring new challenges. Web developers and administrators need to treat HTML5 security as a top priority.

As a standard, HTML5 has enabled a new class of commercially valuable browser-based applications on the PC, and it is also the most influential development in the mobile application field. On HTML5 security, enterprise architects need to take a cautious, holistic approach so that the solution is designed before a failure occurs.

David Eads, founder of "mobile strategic partner" and Internet security consultant, observed: "When more and more people increase the speed of mobile applications in a secure way, HTML5 security issues have been improved. However, there is still a long way to go, and the faster it will be. You need to find a starting point to get this important breakthrough."

Enterprise architects should build their development strategy for improving HTML5 application security around the enterprise software development lifecycle. Ensuring that web applications and servers are correctly configured, with sensible security settings, is an important task. Most newly developed technologies are vulnerable to attack through web application or server settings, which can be addressed by hardening the configuration and disabling unneeded functions. Jerome Segura, Director of Security Research at Malwarebytes Labs, said: "Unfortunately, this problem depends on whether network developers and managers can do security resources well. Of course, this means whether they are truly aware of the threats."

Highlights of HTML5 security issues

HTML5 provides many new features for standard browser applications that can run across browsers and clients. However, early on, the European Network Information Security Agency found 51 major defects.

Geoffrey Vaughan is a security consultant at Security Compass, a supplier of security tools. HTML5 contains a series of new defects that occur more readily than in the general standard, including security configuration errors and cross-site scripting (XSS) attacks. They can also involve local storage, suites, or cross-frame scripting:

Security configuration errors and cross-origin resource sharing (CORS) problems are more likely to occur on platforms with many configuration options. As a result, such development platforms carry security weaknesses in their default configuration. This means that if the configuration is not hardened, vulnerabilities may appear in the application.

XSS becomes more serious because web applications now have local access. An HTML5 application can run JavaScript and use special tags to access local elements of the phone. If attackers can exploit XSS, they may gain access to more of the user's personal resources.

When enterprises build on HTML5's additional storage features, more security problems are introduced. The main risk is that if you store sensitive data on a device and it is lost, stolen, or damaged, the data is easily leaked.

HTML5 can operate across frames and layers, which simplifies web application development. This feature, coupled with CORS, makes HTML5 applications more vulnerable to suite risks than traditional HTML specifications. The risk is significant, but it is easily hidden in mobile apps. For example, browser components such as the navigation and URL bar can easily hide risks.
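
The CORS misconfiguration risk described above, as an added example that is not part of the original article: a permissive default that reflects any origin, next to a hardened exact-match allowlist, plus a small audit that probes either policy. All origins and function names are constructed for illustration.

```javascript
// Constructed allowlist of origins the application actually trusts.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://m.example.com",
]);

// Weak default: reflects whatever Origin is sent and allows credentials.
function weakCorsHeaders(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin || "*",
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened: exact-match allowlist, no wildcard, no "null" origin.
function hardenedCorsHeaders(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return { Vary: "Origin" }; // no CORS grant for unknown origins
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin", // caches must not reuse one origin's response for another
  };
}

// Audit: send origins that must never be granted and record any grant.
function auditCorsPolicy(policyFn) {
  const probes = [
    "https://untrusted.example.net",                 // unrelated origin
    "null",                                          // sandboxed or file origin
    "https://app.example.com.untrusted.example.net", // look-alike of a trusted origin
  ];
  const findings = [];
  for (const origin of probes) {
    const acao = policyFn(origin)["Access-Control-Allow-Origin"];
    if (acao === origin || acao === "*") {
      findings.push({ origin, granted: acao });
    }
  }
  return findings;
}

console.log("weak policy findings:", auditCorsPolicy(weakCorsHeaders).length);
console.log("hardened policy findings:", auditCorsPolicy(hardenedCorsHeaders).length);
```
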

The WebSockets protocol introduces a new transport vector into the enterprise architecture. "That means HTTP sensing that originally defended against 'local anti-virus software or Web application firewall' won't be able to easily classify communication features."

Security education is essential

Mark Hammond, senior director of security and risk consulting at Neohapsis, believes that enterprises should consider including a security education course in developer training. Topics include broken access control, injection, and CORS attacks. Developers should also consider using environmental security policies to help reduce these attacks.

Bulman said it is also important to provide training that covers regular application security habits. Developers need to be familiar with security standards (such as OWASP) and with related security tools, security libraries, and best practices, such as penetration testing. "In a secure application development process, such as local storage and cross-origin scripts, powerful HTML5 features can be securely deployed in applications," he said.
