25. September 2010 · Comments Off on HTML5 security concerns · Categories: Security-Compliance · Tags:

Via ThreatPost: Security a Concern as HTML5 Gains Traction

This article and an earlier blog post from Veracode entitled, HTML5 Security in a Nutshell, itemize some of the new HTML5 features which can be seen as new threat vectors including (1) Local database and session storage, (2) sandboxing, and (3) postMessage().

Every new technology increase risks, at the very least, because people misunderstand how to use it and bad actors know this. Therefore as a new technology, in this case, HTML5 gains traction, cyber criminals are drawn to it as well. We’ve seen the same thing happen with Web 2.0 applications, social networking, and virtualization.

If the major security vendors don’t respond to the new threats, you can be sure that new security vendors will.