One of the big things that will lead to security issues with HTML 5 applications is the relaxation of previous limitations with regard to where data is stored and where code is run. Inevitably this leads to people making mistakes.
Let’s look at a little history:
HTML 5: More data gets sent to the client side, and now it gets persisted on users’ workstations across sessions. Offline web applications run even when the user is not connected. Relaxation of cross-domain restrictions allows processing to be done not only on the client side, but also on 3rd party servers. Hilarity, I suspect, will ensue.
We have found a couple of simple techniques that can help get the right questions asked earlier in the development process:
· Build Threat Models with data flow diagrams: This gets application architects and developers to explicitly define assets, processes and the trust boundaries that exist in an application. This can be very helpful in highlighting where sensitive data is being stored in an untrusted (i.e. client-side) environment.
· Build UML Sequence Diagrams for critical functionality: This forces the developers to be explicit about which components are making which calls. As with the data flow diagrams, this exposes situations where security controls aren’t located where they need to be, as well as situations where security-critical decisions are being made where they shouldn’t be. And if you can’t easily figure out where a particular operation is running then perhaps you need to take a good look at your architecture and the technologies you’ve chosen to use for implementation.
Based on this newfound understanding of your application:
· Design and build your application with the assumption that data on the client side might be changed and might also fall into the hands of someone who breaks into the user’s workstation.
· Design and build your application with the assumption that any calculation done on the client side – or anywhere not under your control – may be compromised. Re-verify any security critical decisions in your code.
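To make the two assumptions above concrete, here is an added example (not code from the original post) of a Node.js server that recomputes an order total itself and only accepts client-persisted state that still carries a valid server-side HMAC. The catalog, the `seal`/`unseal`/`priceOrder` names and the discount object are hypothetical, constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: this key exists only on the server (generated per process for the demo).
const SERVER_KEY = crypto.randomBytes(32);
// Server-side source of truth; constructed sample prices in cents.
const CATALOG = new Map([["sku-1", 1999], ["sku-2", 500]]);

const mac = (payload) =>
  crypto.createHmac("sha256", SERVER_KEY).update(payload).digest();

// Wrap state the client will persist (e.g. in localStorage). The HMAC gives
// integrity only: the payload stays readable, so keep secrets out of it.
function seal(obj) {
  const payload = JSON.stringify(obj);
  return { payload, tag: mac(payload).toString("hex") };
}

// Return the original object, or null if the blob was altered or malformed.
function unseal(blob) {
  if (!blob || typeof blob.payload !== "string" || typeof blob.tag !== "string") return null;
  const given = Buffer.from(blob.tag, "hex");
  const expected = mac(blob.payload);
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? JSON.parse(blob.payload) : null;
}

// Re-verify the security-critical decision (what the order costs) on the server.
// Prices and totals sent by the client are never used in the calculation.
function priceOrder(cart, sealedDiscount) {
  if (!cart || !Array.isArray(cart.items)) return { ok: false, reason: "invalid cart" };
  let total = 0;
  for (const { sku, qty } of cart.items) {
    if (!CATALOG.has(sku) || !Number.isInteger(qty) || qty < 1) {
      return { ok: false, reason: "invalid item" };
    }
    total += CATALOG.get(sku) * qty;
  }
  if (sealedDiscount !== undefined) {
    const discount = unseal(sealedDiscount);
    if (discount === null) return { ok: false, reason: "tampered state" };
    total -= Math.floor((total * discount.percent) / 100);
  }
  // A mismatch with the client's own figure is worth logging, not trusting.
  return { ok: true, total, clientTotalMatched: cart.total === total };
}
```

A sealed blob that has not been altered can still be replayed later, so state that must expire needs an expiry or identifier inside the payload that the server also checks.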
HTML 5 has a lot of great capabilities and it should make it possible to build applications that weren’t previously possible. A little bit of thought early on when building these applications can head off a lot of pain and suffering later.
Contact us for more information about using new technologies securely.
dan _at_ denimgroup.com