Many may recall that this past October, the World Wide Web Consortium (W3C (News – Alert)) officially approved HTML5 as an industry standard, although many enterprises have already adopted or begun to adopt it. But despite its growing popularity, a new and troubling problem is rising to the surface: HTML5 coding is open, and the vast majority of organizations using it are failing to implement any kind of security measure to protect their data.
Fueled by JavaScript, HTML5 first started to gain steam in 2010, when Apple (News
– Alert) announced that it would opt to use HTML5 instead of Flash. As of today, about 30 percent of Fortune 500 companies are using HTML5, according to INCORE. And by Gartner’s (News
– Alert) calculations, more than 50 percent of apps will be using HTML5 by 2016, which is just around the corner. But as Carlos Goncalves, writing for Developer Tech, points out, a startling 99 percent of the production-ready code used and delivered to build websites, enterprise-ready solutions and mobile applications today is totally open.
Just like any other form of data transfer and storage that could be intercepted by unwelcome eyes, HTML5-based solutions need the same level of protection as any other. Yet for whatever reason, no one seems to be safeguarding against HTML5 hackers—yet.
“Cyber attacks that can now walk right through your digital front door might surely jeopardize operations, compromise customer data, personal privacy, or even matters of national security when simple and fast obfuscation and tamper-protection technology exist in the marketplace,” Goncalves writes. “When the code is stored both on the client and server as ‘in the clear’ text files, the code is hosted on a shared server that others could easily gain access. Hence developers can easily lose control over who’s accessing the original source code – unless it’s obfuscated or more robustly protected once it’s released or signed off on as ready for production.”
JavaScript obfuscation used to scramble and protect the HTML5 code is a great place to start, because it helps ensure that the copyrighted code is optimized and monitored for performance. This not only protects against potential license infringement, but it also can block attacks, fraud schemes or code theft, in addition to the goods or services being offered through the application itself.
Ultimately, as more and more companies invest in complex HTML5 application development and service, the need for protecting that code against theft and tampering will become increasingly pressing. While the code is still new to many, that doesn’t mean hackers aren’t already finding ways to infiltrate it. HTML5 should be protected, just like any other business investment or endeavor.
Edited by
Maurice Nagle