Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

EU cyber-security agency flags urgent security fixes for new web standards/HTML5

At a critical moment in the development of HTML5, the new core standard for the web, ENISA, the EU cyber-security agency, has highlighted important security fixes for 13 upcoming web standards. ENISA has identified 50 security threats and proposed how they should be addressed.

To accommodate innovations in web applications and their business models and to enable more people to use the web, W3C (the World Wide Web Consortium) is currently working on major revisions to its core standards.

ENISA has used this opportunity to review the specifications and propose improvements to enhance browser security for all users.

“Many of these specifications are reaching a point-of-no-return. For once, we have the opportunity to think deeply about security – before the standard is set in stone, rather than trying to patch it up afterwards. This is a unique opportunity to build in security-by-design,” says Giles Hogben, co-editor of the review report.

“We welcome this very timely security review by ENISA. We have encouraged ENISA to report the issues they have identified to the relevant W3C Working Groups,” says Thomas Roessler, W3C security lead.

The security threats and issues found by ENISA include:

• Unprotected access to sensitive information;
• New ways to trigger form-submission to attackers;
• Problems in specifying and enforcing security policies;
• Potential mismatches with Operating System permission management;
• Underspecified features, potentially leading to conflicting or error-prone implementations;
• New ways to escape access control mechanisms and protection from ‘click-jacking’ (tricking the user into clicking on dangerous links and buttons).

Read the report (PDF)

•Date: 3rd August 2011 • Region: World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here