A Security Analysis of Next Generation Web Standards (ENISA)

The web browser is arguably the most security-critical component in our information infrastructure. It has become the channel through which most of our information passes. ENISA is seizing a unique chance to make detailed recommendations for improvements to browser security before they become non-negotiable for years to come. The standards which govern the browser are currently undergoing a major upgrade. This includes HTML5, cross-origin communication standards such as CORS and standards for access to local data such as geo-location.

In total 51 security threats and issues are identified and detailed in this report.

Publication date:
Authors:Editors: Dr. Giles Hogben, Dr Marnix Dekker
Authors: Philippe De Ryck, Lieven Desmet, Pieter Philippaerts, and Frank Piessens, Katholieke Universiteit Leuven

Downloads

Full report: NG_Web_Security.pdf — PDF document, 1544Kb
Language: English

Link relacionados:
- Web Security: EU Cyber-Security Agency ENISA Flags Security Fixes for new web Standards




Jul 31, 2011