 |
|
 |
|
fertieg50
Stały
Dołączył: 24 Wrz 2010
Posty: 399
Przeczytał: 0 tematów
Ostrzeżeń: 0/5
Skąd: England
|
|
 |
|
 |
|
 Wysłany: Pon 15:00, 13 Gru 2010 Temat postu: and the space is relatively small |
|
|
application security experts said,[link widoczny dla zalogowanych], HTML5 to the developers brought new security challenges. Adobe, Apple and the war of words between the fate of HTML 5 brings a lot of speculation, despite the implementation of HTML 5 is still a long way to go, but it is certain is that the use of HTML 5 developers will need to Application Security Development Lifecycle deploy new security features to meet the security challenges brought about HTML5.
client storage
cross-domain communication
\probably because they do not ease of use by developers disabled. If handled properly, this feature will help defend against malicious third-party ad or content can not be trusted to prevent replay. \
Iframe security
\reference code currently very unsafe.
HTML5 will then need to cover the attack on our face what kind of impact? This article will explore several important about the safety of HTML 5.
\Scores pull over, \Although HTML5 allows new types of applications to establish, but if developers start using these features, it does not understand the applications they create the safety significance, it will be great security risk to users. \
\
the importance of this issue is not everyone agrees. Veracode CTO Chris Wysopal said,[link widoczny dla zalogowanych], for example, by using a web application or browser plug-ins extend the client to store data there has been a lot of ways.
and other versions of HTML may be sent directly to allow JavaScript XML HTTP request call back to the original server, and HTML5 to relax this restriction, XML HTTP requests can be sent to any allow such a request the server. Of course, if the server can not be trusted, then this will lead to serious security problems.
from a security perspective, HTML5 also has good features, such as plans to support iframe sandbox attribute.
\\\potential injection attack, or may one of your client's database is malicious,8. Graham, when synchronized with production systems,[link widoczny dla zalogowanych], synchronization problems may occur, or potentially malicious client data will be inserted into the production system. \
earlier versions of HTML web site will only allow cookies as a local information storage, and the space is relatively small, only for storage or as a simple file information stored in the Other location data (such as a session ID) identifier, Denim Group's application security research division director Dan Cornell said. However, HTML5 LocalStorage allows the browser to store a large number of local database, allows the use of new types of applications.
Post został pochwalony 0 razy
|
|
FAQ 
