Many may recall that this past October, the World Wide Web Consortium (W3C (News - Alert)) officially approved HTML5 as an industry standard, although many enterprises have already adopted or begun to adopt it. But despite its growing popularity, a new and troubling problem is rising to the surface: HTML5 coding is open, and the vast majority of organizations using it are failing to implement any kind of security measure to protect their data.
Just like any other form of data transfer and storage that could be intercepted by unwelcome eyes, HTML5-based solutions need the same level of protection as any other. Yet for whatever reason, no one seems to be safeguarding against HTML5 hackers—yet.
“Cyber attacks that can now walk right through your digital front door might surely jeopardize operations, compromise customer data, personal privacy, or even matters of national security when simple and fast obfuscation and tamper-protection technology exist in the marketplace,” Goncalves writes. “When the code is stored both on the client and server as ‘in the clear’ text files, the code is hosted on a shared server that others could easily gain access. Hence developers can easily lose control over who’s accessing the original source code – unless it’s obfuscated or more robustly protected once it’s released or signed off on as ready for production.”
Ultimately, as more and more companies invest in complex HTML5 application development and service, the need for protecting that code against theft and tampering will become increasingly pressing. While the code is still new to many, that doesn’t mean hackers aren’t already finding ways to infiltrate it. HTML5 should be protected, just like any other business investment or endeavor.
Edited by Maurice Nagle