December 05, 2011

HTML5 to Create Security Challenges, New Risks: Report

While HTML5 programming is opening up a new world of Internet applications, it also presents new security challenges for businesses, according to a new industry report released this week.

From add-ons to HTML5, these impressive capabilities are opening up a new door of opportunity for hackers and cybercriminals, explained James Lyne, director of technology strategy at U.K. security firm Sophos.

“Web technologies are undergoing interesting changes now, from add-ons like Flash or Silverlight to the funky new HTML5. These new technologies introduce some impressive new capabilities for rich web applications,” Lyne said.  “But they could also introduce new attack vectors.”

Among its security predictions for 2012, Sophos identified top trends of 2011 and predictions for key web developments in 2012, including HTML5 – a technology that also comes with new security risks.

“Many languages or environments provide more access to local computing power and resources to enhance the web experience, but could allow the bad guys to find new ways of stealing data. IPv6 (the replacement for the major protocol that drives our networks and the Internet) brings security challenges and benefits,” Lyne said, adding that mass migration in 2012 to IPv6 is “unlikely,” but considering the shrinking number of IP addresses remaining, there will likely be an uptick this issue.

As Lyne explained, a significant challenge for businesses in 2012 will be to keep their security capabilities from backsliding as they adopt new technologies and the cybercriminals expand their focus.

“As we continue to mobilize and access information in different ways and from more locations, security tools will need to keep up,” Lyne said.

As HTML4 has driven content on the web for many years, and because of the simplistic programming language, developers have had to supplement with add-ons such as Flash and JavaScript. However, HTML5 removes the need for most of the add-ons, because it is a more sophisticated language and comes with a full database that enables users to store gigabytes of information, Sophos said.

However, Lyne explained that by storing data within the browser, the browser becomes a target for cyber criminals.

“Traditionally the browser has been a gateway for cyber criminals to get access to your PC, now they’re going to be trying to attack the browser itself to steal its data,” Lyne said.

Want to learn more about HTML5? Then be sure to attend DevCon5 Developers and Designers Conference, taking place Dec 7-8, in Santa Clara, California. HTML5 has the potential to revolutionize user interfaces, challenge the status quo and change the future of both desktop and mobile web experiences. Join fellow web developers, designers, and architects, as well as technology leaders and business strategists who will gather in California to learn strategies and tactics to implement and execute HTML5. To register, click here.

Erin Harrison is Executive Editor, Strategic Initiatives, for TMC, where she oversees the company's strategic editorial initiatives, including the launch of several new print and online initiatives. She plays an active role in the print publications and TMCnet, covering IP communications, information technology and other related topics. To read more of Erin's articles, please visit her columnist page.

Edited by Rich Steeves


HTML 5 Demos and Examples

HTML 5 experimentation and demos I've hacked together. Click on the browser support icon or the technology tag to filter the demos.... Learn More

HTML5 GAMES is the largest and most comprehensive directory of HTML5 games on the internet... Learn More

The HTML5 test

How well does your browser support HTML5?... Learn More

Working Draft (WHATWG)

This is the Editor’s Draft from WHATWG. You can use it online or print the available PDF version... Learn More

HTML5 Flip Book

Free jQuery and HTML5 flip book maker for PDF to online page turning book conversion... Learn More