A Security Analysis of Next Generation Web Standards

The web browser is arguably the most security-critical component in our information infrastructure. It has become the channel through which most of our information passes. ENISA is seizing a unique chance to make detailed recommendations for improvements to browser security before they become non-negotiable for years to come. The standards which govern the browser are currently undergoing a major upgrade. This includes HTML5, cross-origin communication standards such as CORS and standards for access to local data such as geo-location. In total 51 security threats and issues are identified and detailed in this report.

July 31, 2011
Editors: Dr. Giles Hogben, Dr Marnix Dekker, Authors: Philippe De Ryck, Lieven Desmet, Pieter Philippaerts, and Frank Piessens, Katholieke Universiteit Leuven

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more