CTO Talk: HTML5, a clear and present danger

Presentation Transcript

  • Securing & Accelerating Your Applications 6/7/2013 Deny All © 2012 6/7/2013 Deny All © 2013
    HTML5: Clear & Present Danger
    CTO Talk, May 29, 2013
    This event will start at 9:30am CEST, thanks for your patience
  • Hello!
    Renaud Bidou, Chief Technology Officer
    Stéphane de Saint Albin, VP Sales & Marketing
  • Logistics
    • Our goal: share our views on the dangers associated with HTML5 in 60 minutes
    • How it works
      – You’re muted…
      – … but please ask any questions using the chat tool
      – We’ll take a few minutes at the end to answer them
  • HTML5
    • Clear and present danger
      – Not fully standardized yet
      – Supported by all browsers
      – User experience enhancements
      – New vulnerabilities
      – Disruptive for existing security tools
    • Gartner’s recommendation
      – “Enterprises must assess the risks of HTML5 and use appropriate security measures to mitigate risks for sensitive applications”
      – In ‘Prepare to Deal with HTML Security Risks’, 4 Sept 2012, John Girard, John Pescatore
  • Menu
    1. HTML5 new capabilities
    2. HTML5 tricks
    3. Empowering common threats
    4. Hackers’ dreams come true
  • What’s new with HTML5
  • Poll #1
  • HTML5 short history
    • Project led by W3C
    • Latest draft: HTML 5.1 – May 2, 2013
      – Previous: December 17, 2012
      – Previously: 13 drafts starting from January 22, 2008
    • Why HTML5?
      – Make HTML content natively dynamic
      – Support offline mode
      – Increase security control and tuning
      – Improve internals for performance, task parallelization etc.
  • New HTML content
    • On-the-fly graphics with the <canvas> tag
    • Native MP3, Ogg and Wav audio format support with the <audio> tag
    • Native MP4, WebM and Ogg video format support with the <video> tag
    • Drag & Drop! with draggable attribute and ondrop event handler
    • Embedded geolocation with the new getCurrentPosition() method
  • Input Validation
    • New input types through <input type> attribute
      – Email: type="email"
      – URL: type="url"
      – Numbers: type="number" type="range"
      – Date: type="date" type="month" type="week"
    • Embedded format validator
      – Based on type attribute value
      – Can be enforced through the pattern attribute
      – Can be disabled… don’t try to understand…
        <form novalidate>
  • New forms inputs
    <input type="email">
    <input type="url">
    <input pattern="\d{4}" placeholder="4 digits PIN">
    <input type="number" min="0" max="10" step="2" value="6">
  • New HTML internals
    • Web Workers enable JavaScript background processing
    • Web Storage improves local storage to extend the cookie concept and natively support session-based data handling
    • WebApp Cache to enable offline mode of Web/Cloud based applications
    • Server Sent Events (SSE) enables Server to Client communication through the established connection
  • HTML5 new security tricks
  • To view full slides or to listen to the webinar recording, please visit www.denyall.com/recordings_en.html
    Link is available in the description below.
  • Call to Action
    1. Download the Forrester report
      – www.denyall.com/forrester-en/
    2. Evaluate Protect 4.1 FP1
      – Now available in customers’ download area
      – Not a customer yet? Contact us today
    3. Evaluate Detect 5.1
      – https://edge.denyall.com
      – ftp://ftp-detect.denyall.com
    4. Let’s talk about your needs
      – sales@denyall.com, +33 1 46 20 96 00
  • Thank you!
    info@denyall.com
    +33 1 46 20 96 00
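
The "Input Validation" and "New forms inputs" slides note that the browser's embedded validator can be disabled with novalidate, so the same constraints have to be re-checked where the form is received. The following is an added example, not taken from the slides or from Deny All: a server-side check in JavaScript for the four inputs shown, where the field names email, homepage, pin and qty and the http(s)-only URL rule are assumptions.

```javascript
// Added example (not from the slides): server-side re-check of the form constraints.
// Field names email, homepage, pin and qty are assumptions for illustration.

// Syntax accepted by <input type="email">, regex as given in the HTML specification.
const EMAIL_RE = /^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;

// pattern must match the whole value, so anchor it the way the browser does.
const patternCheck = (src) => {
  const re = new RegExp(`^(?:${src})$`);
  return (v) => re.test(v);
};

// Narrower than type="url", which accepts any absolute URL: allow http(s) only.
const httpUrlCheck = (v) => {
  try {
    return ["http:", "https:"].includes(new URL(v).protocol);
  } catch {
    return false;
  }
};

// Same rule as type="number" with min/max/step; integer values assumed.
const numberCheck = (min, max, step) => (v) => {
  if (!/^-?\d+$/.test(v)) return false;
  const n = Number(v);
  return n >= min && n <= max && (n - min) % step === 0;
};

const RULES = {
  email: (v) => EMAIL_RE.test(v),
  homepage: httpUrlCheck,
  pin: patternCheck("\\d{4}"),
  qty: numberCheck(0, 10, 2),
};

// Returns the names of fields that are missing, not strings, or invalid.
function validateForm(body) {
  return Object.keys(RULES).filter(
    (name) => typeof body[name] !== "string" || !RULES[name](body[name])
  );
}

// Constructed sample submissions: the second is what can reach the server
// when the form carries novalidate or the request is not sent by a browser.
const good = { email: "a@example.com", homepage: "https://example.com/", pin: "0421", qty: "6" };
const bad = { email: "a@@example.com", homepage: "javascript:void(0)", pin: "12345", qty: "7" };
console.log(validateForm(good));
console.log(validateForm(bad));
```
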