HTML 5 could help spur SQL injection attacks on client machines, experts say
Internet Explorer 9 and Firefox 4 will support HTML 5, and Microsoft recently touted its advantages. But the upcoming version of HTML, which builds rich Internet application features into the Web programming language and shifts more Web functions to the client machine, also could open up new Web attack vectors.
Security experts say HTML 5, which comes with rich Internet application features baked in, will not only provide better performance and multimedia features, such as video, but also will eliminate the need to manage and maintain browser plug-ins, such as Adobe Flash. "These features are tied in at the design stage," says Josh Abraham, security researcher with Rapid7. "You don't have to load in a third-party plug-in and then upgrade it. Maintaining these third-party [applications] has been a huge issue [for organizations]."