HTML5 Security Report
HTML5 is a markup language specification under development by WHATWG and W3C as the next generation of the HTML standard. HTML5 and its peripheral technologies make it possible to develop more flexible and convenient websites than with conventional HTML4. They allow a site to store data within the visitor's browser (Web Storage), to communicate in full duplex between the visitor's browser and web servers (WebSocket), and to obtain the visitor's location information (Geolocation). However, verification of how attackers may exploit these new features, and awareness-raising about it, have yet to be properly performed. There are concerns that HTML5 may become more and more prevalent without proper security measures in place.
JPCERT/CC compiled this report with the aim of providing organized material that could serve as a basis for technical documentation and guidelines for secure web application development using HTML5. To the utmost extent, we have worked to verify each of the security issues covered in the report.
Part of this research was outsourced to NetAgent Inc.
2014-07-30: Investigation Report Regarding Security Issues of Web Applications Using HTML5