Relax Everybody: HTML5 Is Securer Than You Think
iSpeech.org
Many, many conferences nowadays come with "HTML5 is insecure" or "Hacking with HTML5" talks. This has led to the general perception that HTML5 itself (whatever the term actually stands for) is insecure and, thus, should be avoided for security reasons. This is a highly unfortunate misconception, as the current generation of new Web APIs expose a level of security sophistication unparalleled in the Web's history. In fact, new browser features such as CORS or PostMessage allow for the first time to securely realize usecases which, up to now, required the programmers to resort to insecure programming practices.
In this talk, Sebastian Lekies systematically explores security relevant HTML5 APIs. To do so, he discusses their respective security architecture and, more importantly, show how they compare to currently established techniques which were designed to realize similar use cases.
source
Gloss