AbstractsComputer Science

HTML5 Web application security with OWASP

by Daniel Nilsson

Institution: Blekinge Institute of Technology
Year: 2013
Keywords: datavetenskap; computer science - general; computer science - informatics; säkerhetsteknik; security engineering; html5; owasp; w3c; whatwg
Record ID: 1340978
Full text PDF: http://www.bth.se/fou/cuppsats.nsf/6753b78eb2944e0ac1256608004f0535/a3ae038d51acf370c1257bad0051b127?OpenDocument


HTML5 has gained a lot of interest the last couple of years from web developers. HTML5 is the new upcoming standard for HTML set to be released in the end of 2014 (W3C). In this report HTML5 is reviewed in order to determine if it has made web applications more secure. This is done with information study and the use of experimental test cases. We use the latest OWASP top ten list of security risks in web applications as a benchmark. As a result we found ve correlations between OWASP top ten list and HTML5 functionality. The results clearly indicates that HTML5 is aecting web application security. The security risks that was successfully exploited is Cross-site scripting, Security Misconguration, Sensitive Data Exposure, Cross-site request forgery and Unvalidated redirects and forwards. We suggest countermeasures for the tests performed and discuss how developers should have security in mind when it comes to developing with HTML5.