One of the new high-risk HTML 5 features is the cross-domain trust functionality. The cross-domain trust functionality...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
will allow different domains (DNS names) to communicate between iframes in your Web browser. This feature will be tricky for developers to get right initially -- need to verify that the cross-domain requests are received from other domains from domains from which they expect to receive requests -- and even advanced, technical users may find it difficult to understand the risks involved. Malware writers will likely try to abuse this functionality to gain access to sensitive data, since this check may not happen as intended.
One of the most difficult security issues with HTML 5 is the movement of functionality from the server to the client where the server may trust the client perhaps more than it should. One example is the server trusting that the data from a client contains valid, non-malicious input. The server would assume the client is checking for these types of attacks/bugs on his or her own, so there would be a disconnect there. Servers and applications should be programmed to validate data received from the client to ensure it is not malicious.
Dig Deeper on Web Application Security
Related Q&A from Nick Lewis
Malware is increasingly using DNS tunnels to aid in data exfiltration. Expert Nick Lewis explains how the attacks work and how best to defend against...continue reading
Researchers warned about the rise of a new cross-site scripting flaw involving same-origin policy. Expert Nick Lewis explains the vulnerability and ...continue reading
Malware authors are adopting software wrapping to hide malicious code and avoid detection. Expert Nick Lewis explains how to defend against the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.