HTML 5 enables data storage within the website visitor’s browser , bidirectional communication between the client and server, the gathering of location information all of which allow for a highly usable website however all of these new technologies can also be leveraged by malicious actors and the impact that this will affect the visitors to the site are not being fully discussed or researched and there is a significant danger that the technology will be widely adapted without sufficient security precautions.
At JPCERT/CC we have issued a report titled “Security issues and findings regarding web applications using HTML 5.” In this report we outline items that should be considered in the development of web application using HTML5 and security issues that arise when transitioning web applications to HTML 5. The goal of the report is to disclose all our findings in an organised fashion and enable web security researchers and web application developers to have a basic foundational document.
In this presentation I will present based on the report and through demos, security issues to consider when developing web applications using HTML 5. Also I will present our findings regarding the current state of security of HTML 5 usage based on the data of 95000 website’s response headers.
Tomoyuki Shigemori
Tomoyuki Shigemori is an Information Security Analyst of Watch and Warning Group at JPCERT/CC (Japan Computer Emergency Response Team Coordination Center).
His expertise lies in information gathering and providing early warnings on cyber threats to relevant organizations including governmental entities and infrastructures.
He has delivered presentations in many conferences such as Open Source Conference 2013, Enterprise and Parallels Summit 2013 Japan. He has also contributed as a coauthor in publishing “How to protect your business from cyber attacks (NTT Publishing)” and some other books.