Explore the security advantages of HTML5 in this comprehensive conference talk from AppSecEU 2014. Delve into the sophisticated security features of modern Web APIs, comparing HTML5 technologies to traditional alternatives across key areas like cross-domain communication, client-side persistence, in-browser communication, and clickjacking protection. Learn how CORS, LocalStorage, PostMessage, and X-Frame-Options offer more secure solutions than their predecessors. Gain insights into additional browser security capabilities such as Content Security Policies, sandboxed iframes, and Strict-Transport-Security. Based on empirical research from the WebSand project, this talk challenges the perception of HTML5 as insecure and demonstrates its superior security architecture for web development.
Overview
Syllabus
Sebastian Lekies Martin Johns - Relax everybody HTML5 is much securer than you think
Taught by
OWASP Foundation