DZone
Web Dev Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > Web Dev Zone > HTML5 Security: Problem or No?

HTML5 Security: Problem or No?

John Esposito user avatar by
John Esposito
·
Dec. 14, 11 · Web Dev Zone · Interview
Like (0)
Save
Tweet
3.58K Views

Join the DZone community and get the full member experience.

Join For Free

Recently the BBC published a short article with the frightening but vague title 'HTML 5 new target for cybercriminals', claiming that HTML5 opens browsers to new, and renovated old, 'cyber attacks'.

The article focused on HTML5 at first, but later addressed non-HTML5 security concerns -- smartphone-readable QR codes, for example.

The title tainted HTML5 a bit, in a normal mainstream journalistic (i.e., hyperbolic and semi-inaccurate) style, updating old cyber-sensationalist phrases ('because it is new, it is attractive to cybercriminals'), generalizations ('HTML5 makes some ripe for renewed exploitation'), and appeals to public decency ('I used one on a train station and it took me to a Russian porn site').

Annoying to the poor web developer, to be sure, but perhaps a bit more dangerous than earlier anti-web paranoia: HTML5 is breaking new ground in many disparate areas, and the BBC article directly attacked some of its most important advances ('much more data can be stored in the browser which means that criminals can now attack the browser to steal data').

All of which is quite unfair, says Martin Beeby:

I’m usually a fan of the BBC. They’re normally pretty insightful around technology. But this latest report pushed all my buttons. IMHO 90% of it is pure scaremongering while the other 10% is nothing new (or particularly interesting).

...

When you boil it down, the post makes just two points:

  1. Because HTML5 allows the browser to store more information it’s ripe for abuse by ‘super cookie’ wielding criminals
  2. Because it can integrate with GPS, it will allow nefarious types to pinpoint your location


Martin addresses both of these points, and also notes that the rest of the article locates HTML5-unrelated material misleadingly under an HTML5 headline.

Read Martin's full post for the full rant (as he calls it).

For more useful analysis of next-generation web security, however, check out this paper (which Martin also recommends).

 

HTML security

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Getting Started With RSocket Kotlin
  • Chopping the Monolith: The Demo
  • Instancio: Test Data Generator for Java (Part 2)
  • Modern Application Security Requires Defense in Depth

Comments

Web Dev Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo