One of the new high-risk HTML 5 features is the cross-domain trust functionality. The cross-domain trust functionality...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
will allow different domains (DNS names) to communicate between iframes in your Web browser. This feature will be tricky for developers to get right initially -- need to verify that the cross-domain requests are received from other domains from domains from which they expect to receive requests -- and even advanced, technical users may find it difficult to understand the risks involved. Malware writers will likely try to abuse this functionality to gain access to sensitive data, since this check may not happen as intended.
One of the most difficult security issues with HTML 5 is the movement of functionality from the server to the client where the server may trust the client perhaps more than it should. One example is the server trusting that the data from a client contains valid, non-malicious input. The server would assume the client is checking for these types of attacks/bugs on his or her own, so there would be a disconnect there. Servers and applications should be programmed to validate data received from the client to ensure it is not malicious.
Dig Deeper on Web Application Security
Related Q&A from Nick Lewis
A new type of iOS malware can hijack jailbroken iOS devices. Expert Nick Lewis explains how KeyRaider works and how to defend against the threat.continue reading
A rise in ransomware attacks has been attributed to a new service model for cybercriminals. Nick Lewis explains what's behind this new threat.continue reading
A malware tool that helped to compile the Zeus Trojan has been leaked on the Web. Expert Nick Lewis explains what this means for enterprise security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.