It was almost a decade ago that a shift began in the way we used computer applications, ushering in an era of web-based application development. Computers had reached a stage where people could write better programs and perform even the most complex operations using applications. Then arose the question of portability, and so here we are, using web-based applications.
With the emergence of web-based application development came cross-site scripting, directory traversal, SQL injection and cross-site request forgery. With every emerging technology comes a threat. It is imperative to understand the nature of the threat to prevent it from interfering with our creations. HTML 5 being the latest technology and one of the best inventions, we will take a close look at the threats surrounding this essential technology.
HTML 5 is the new web standard that enables web applications to run across platforms and on devices varying in size, resolution, etc. Recognizing the power of HTML 5, web developers have integrated it into almost every web application, including the ones that run on smartphones. In fact, HTML 5 has empowered multimedia portability. However, like other technologies, HTML 5 is also vulnerable to stealth attacks and silent exploits.
Apparently, the cross-platform support of the new web standard has increased the attack surface. HTML 5 has recently been reported to face a number of threats, including cross-site scripting and resource hijacking. Even though HTML 5 is still evolving, the new technologies that it integrates are encouraging attackers. The attacks are stealthy and silent, and mostly either distort the web application's appearance or directly hit the business logic layer, stealing valuable information.
HTML 5 and XHR are the targets of web attackers. XHR objects are said to be powerful; however, attackers have bypassed this, forcing authentication layers to relay credentials. Silent attacks mainly target the XMLHttpRequest Level 2 specification and CORS (Cross-Origin Resource Sharing). Moreover, HTML 5 forms can be manipulated, exposing the web-based application to injection attacks.
For more details, you can search for the 10 serious hijacks that were recently reported by the founder of Blueinfy to Black Hat, an organization that takes care of web security.
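The CORS and credentialed XMLHttpRequest risk described above comes down to which origins a server allows to read authenticated responses. The sketch below is an added example, not code from the original article: it contrasts an origin-reflecting policy with an exact-match allowlist and audits both. The origins, the allowlist and all function names are assumptions made for illustration.

```javascript
// Added example: constructed origins and policy, not taken from the article.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // hypothetical allowlist

// Weak policy: echoes whatever Origin the browser sent and allows credentials,
// so any site can have the user's cookies attached and read the response.
function weakCorsHeaders(origin) {
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened policy: exact-match allowlist. Unknown origins get no CORS headers,
// so the browser blocks the cross-origin read. Vary keeps caches from mixing replies.
function strictCorsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return { Vary: "Origin" };
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Audit check: probe a policy with origins that must never be trusted and
// report whether a credentialed cross-origin read would be permitted.
function auditCorsPolicy(policyFn, probeOrigin = "https://untrusted.example") {
  const findings = new Set();
  for (const origin of [probeOrigin, "null"]) {
    const headers = policyFn(origin);
    const acao = headers["Access-Control-Allow-Origin"];
    const creds = headers["Access-Control-Allow-Credentials"] === "true";
    if (creds && acao === origin) findings.add(`credentialed read allowed for ${origin}`);
    if (creds && acao === "*") findings.add("wildcard origin combined with credentials");
  }
  return [...findings];
}

console.log(auditCorsPolicy(weakCorsHeaders));   // two findings
console.log(auditCorsPolicy(strictCorsHeaders)); // no findings
```

The same audit function can be pointed at any header-producing policy function in a unit test, so a regression to origin reflection fails the build.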
Today many developers are turning their attention towards the most recent and powerful HTML 5. The technology is widely used in making web-based application development powerful and capable. It is used as a means of developing software that will run anywhere and on any device, including smartphones. So far, it seems, little attention has been paid to the security concerns it can bring. Since the threats are out in the open, let's expect to embrace better methods of eliminating these threats and a cleaner approach to web-based application development.