HTML 5 Security

OWASP Meeting, Philadelphia, PA

This is the presentation I gave for the Philadelphia chapter meeting of the Open Web Application Security Project (OWASP) in August.  The presentation covers a number of HTML 5 security concerns that I uncovered during research into the topic.  While HTML 5 is a wonderful tool for developer, the new features also present some new security challenges.  Security in HTML 5 is a widely varied topic and we may not yet understand all of the security challenges it will bring.  HTML 5 poses a major paradigm shift in the way that web applications are delivered and consumed and time will tell whether this will result in a net positive or negative for security.  The new anti-XSS mitigation features of HTML 5 are amazing, and well worth investigating if you're looking to develop a new application.

Some of the security mitigations, specifically those designed to prevent XSS, are described in further detail at