Securing & Accelerating Your Applications 6/7/2013 Deny All © 2012 16/7/2013 Deny All © 2013 1
HTML5: Clear & Present Danger
CTO Talk, May 29, 2013
This event will start at 9:30am CEST, thanks for your patience
Hello!
Renaud Bidou
Chief Technology Officer
Stéphane de Saint Albin
VP Sales & Marketing
Logistics
• Our goal: share our views on the dangers associated with HTML5 in 60 minutes
• How it works
– You’re muted
– ... but please ask any questions using the chat tool
– We’ll take a few minutes at the end to answer them
HTML5
• Clear and present danger
– Not fully standardized yet
– Supported by all browsers
– User experience enhancements
– New vulnerabilities
– Disruptive for existing security tools
• Gartner’s recommendation
– “Enterprises must assess the risks of HTML5 and use appropriate security measures to mitigate risks for sensitive applications”
– In ‘Prepare to Deal with HTML Security Risks’, 4 Sept 2012, John Girard, John Pescatore
Menu
1. HTML5 new capabilities
2. HTML5 tricks
3. Empowering common threats
4. Hackers’ dreams come true
What’s new with HTML5
Poll #1
HTML5 short history
• Project led by W3C
• Latest draft: HTML 5.1 – May 2, 2013
– Previous: December 17, 2012
– Previously: 13 drafts starting from January 22, 2008
• Why HTML5?
– Make HTML content natively dynamic
– Support offline mode
– Increase security control and tuning
– Improve internals for performance, task parallelization etc.
New HTML content
• On-the-fly graphics with the <canvas> tag
• Native MP3, Ogg and Wav audio format support with the <audio> tag
• Native MP4, WebM and Ogg video format support with the <video> tag
• Drag & Drop! with the draggable attribute and ondrop event handler
• Embedded geolocation with the new getCurrentPosition() method
Input Validation
• New input types through the <input type> attribute
– Email: type="email"
– URL: type="url"
– Numbers: type="number" type="range"
– Date: type="date" type="month" type="week"
• Embedded format validator
– Based on the type attribute value
– Can be enforced through the pattern attribute
– Can be disabled with <form novalidate> ... don’t try to understand
New forms inputs
<input type="email">
<input type="url">
<input pattern="\d{4}" placeholder="4 digits PIN">
<input type="number" min="0" max="10" step="2" value="6">
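The two slides above describe the validation HTML5 lets the browser do for you (type="email", type="url", pattern, min/max/step) and point out that it can be switched off with <form novalidate>. The browser check is therefore a usability feature, not a security control: anything the form enforces has to be enforced again on the server. The following Node.js validator, an added example that is not part of the Deny All deck, re-checks the same four constraints on a submitted body; the field names, the scheme allow-list on the URL field and the two sample submissions are constructed for illustration.

```javascript
// Server-side re-validation of the constraints expressed by the deck's
// <input> attributes. Added example, not code from the Deny All slides.
'use strict';

// Regular expression the WHATWG HTML spec gives for a "valid e-mail address"
// (what the browser applies to <input type="email">).
const EMAIL_RE = /^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;

// Field specification mirroring the slide's inputs (field names are assumptions).
// pattern is kept exactly as the attribute value; HTML anchors it to the whole
// value implicitly, which compilePattern() reproduces below.
const FORM_SPEC = {
  email:    { type: 'email', required: true },
  // Stricter than the browser, which accepts any absolute URL for type="url".
  homepage: { type: 'url', allowedSchemes: ['http:', 'https:'] },
  pin:      { type: 'text', pattern: '\\d{4}' },
  level:    { type: 'number', min: 0, max: 10, step: 2 },
};

function compilePattern(pattern) {
  // Same anchoring the browser applies to pattern=: the whole value must match.
  return new RegExp('^(?:' + pattern + ')$', 'u');
}

// Returns null when the value satisfies the spec, otherwise an error message.
function checkField(name, spec, raw) {
  if (raw === undefined || raw === null || raw === '') {
    return spec.required ? name + ': required' : null;
  }
  const value = String(raw);
  switch (spec.type) {
    case 'email':
      if (!EMAIL_RE.test(value)) return name + ': not a valid e-mail address';
      break;
    case 'url': {
      let url;
      try { url = new URL(value); } catch (e) { return name + ': not an absolute URL'; }
      if (spec.allowedSchemes && !spec.allowedSchemes.includes(url.protocol)) {
        return name + ': scheme ' + url.protocol + ' not allowed';
      }
      break;
    }
    case 'number': {
      // Plain decimal numbers only (stricter than HTML, which also allows exponents).
      if (!/^-?\d+(\.\d+)?$/.test(value)) return name + ': not a number';
      const n = Number(value);
      if (spec.min !== undefined && n < spec.min) return name + ': below min ' + spec.min;
      if (spec.max !== undefined && n > spec.max) return name + ': above max ' + spec.max;
      if (spec.step !== undefined) {
        // HTML uses min as the step base when present, otherwise 0.
        const base = spec.min !== undefined ? spec.min : 0;
        const q = (n - base) / spec.step;
        if (Math.abs(q - Math.round(q)) > 1e-9) return name + ': not a multiple of step ' + spec.step;
      }
      break;
    }
    default:
      break;
  }
  if (spec.pattern && !compilePattern(spec.pattern).test(value)) {
    return name + ': does not match pattern ' + spec.pattern;
  }
  return null;
}

// Validate a parsed request body against the spec. Fields the form does not
// declare are rejected as well, so the schema is closed rather than open.
function validateForm(spec, body) {
  const errors = [];
  for (const name of Object.keys(body)) {
    if (!(name in spec)) errors.push(name + ': unexpected field');
  }
  for (const [name, fieldSpec] of Object.entries(spec)) {
    const err = checkField(name, fieldSpec, body[name]);
    if (err) errors.push(err);
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample bodies: the first is what a browser with validation on
// would submit; the second is what arrives when the browser check is off
// (<form novalidate>) or the request is not made by a browser at all.
const GOOD_SUBMISSION = { email: 'alice@example.com', homepage: 'https://example.com/', pin: '1234', level: '6' };
const BAD_SUBMISSION  = { email: 'not-an-email', homepage: 'ftp://files.example.com/', pin: '12ab', level: '7' };

console.log(validateForm(FORM_SPEC, GOOD_SUBMISSION));
console.log(validateForm(FORM_SPEC, BAD_SUBMISSION));
```

validateForm() on the second body reports all four fields as invalid, which is exactly what the browser would have caught and the server must catch again; the scheme allow-list and the closed schema are deliberate choices that go beyond what type="url" and the form itself enforce.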
New HTML internals
• Web Workers enable JavaScript background processing
• Web Storage improves local storage to extend the cookie concept and natively support session-based data handling
• WebApp Cache to enable offline mode of Web/Cloud based applications
• Server Sent Events (SSE) enable Server to Client communication through the established connection
HTML5 new security tricks
To view full slides or to listen to the webinar recording, please visit www.denyall.com/recordings_en.html
Link is available in the description below.
Call to Action
1. Download the Forrester report
– www.denyall.com/forrester-en/
2. Evaluate Protect 4.1 FP1
– Now available in customers’ download area
– Not a customer yet? Contact us today
3. Evaluate Detect 5.1
– https://edge.denyall.com
– ftp://ftp-detect.denyall.com
4. Let’s talk about your needs
– sales@denyall.com, +33 1 46 20 96 00
Thank you!
info@denyall.com
+33 1 46 20 96 00