Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Sick of Flash security holes? HTML5 has its own

Paul Krill | Aug. 7, 2015
HTML5 has been billed as the natural, standards-based successor to proprietary plug-ins such as Adobe's Flash Player for providing rich multimedia services on the Web. But when it comes to security, one of Flash's major weaknesses, HTML5 is no panacea.

There's also work happening across the browser industry to improve security for all, Barnes says. For example, a universal encryption method is under development, and browser makers are giving users more awareness of and control over what the Web knows about them, he says.

Help from a standards body is on the way as well. The World Wide Web Consortium, which has overseen the development of HTML5, has its Content Security Policy specification proposal, which W3C Domain Lead Wendy Seltzer says offers a policy language for Web authors to restrict active content on their sites, protecting against script injections. There's also the Secure Content specification effort to ensure that powerful Web features only operate in secure, authenticated contexts.

Ultimately, however, apps need to assure security, whether they run in a browser or in an OS. Prevoty's Bellanger recommends that developers adopt Microsoft's secure development lifecycle guidance to strengthen applications against breaches. "It's still the developer's responsibility to build the application as securely as possible," he says.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.