CTO Talk: HTML5, a clear and present danger
DenyAll Security Solutions
1.
Securing & Accelerating Your Applications
6/7/2013 Deny All © 2012 / 6/7/2013 Deny All © 2013
HTML5: Clear & Present Danger
CTO Talk
May 29, 2013
This event will start at 9:30am CEST, thanks for your patience
2.
Hello!
Renaud Bidou, Chief Technology Officer
Stéphane de Saint Albin, VP Sales & Marketing
3.
Logistics
• Our goal: share our views on the dangers associated with HTML5 in 60 minutes
• How it works
  – You’re muted…
  – … but please ask any questions using the chat tool
  – We’ll take a few minutes at the end to answer them
4.
HTML5
• Clear and present danger
  – Not fully standardized yet
  – Supported by all browsers
  – User experience enhancements
  – New vulnerabilities
  – Disruptive for existing security tools
• Gartner’s recommendation
  – “Enterprises must assess the risks of HTML5 and use appropriate security measures to mitigate risks for sensitive applications”
  – In ‘Prepare to Deal with HTML Security Risks’, 4 Sept 2012, John Girard, John Pescatore
5.
Menu
1. HTML5 new capabilities
2. HTML5 tricks
3. Empowering common threats
4. Hackers’ dreams come true
6.
What’s new with HTML5
7.
Poll #1
8.
HTML5 short history
• Project led by W3C
• Latest draft: HTML 5.1
  – May 2, 2013
  – Previous: December 17, 2012
  – Previously: 13 drafts starting from January 22, 2008
• Why HTML5?
  – Make HTML content natively dynamic
  – Support offline mode
  – Increase security control and tuning
  – Improve internals for performance, task parallelization etc.
9.
New HTML content
• On-the-fly graphics with the <canvas> tag
• Native MP3, Ogg and Wav audio format support with the <audio> tag
• Native MP4, WebM and Ogg video format support with the <video> tag
• Drag & Drop! with the draggable attribute and ondrop event handler
• Embedded geolocation with the new getCurrentPosition() method
10.
Input Validation
• New input types through <input type> attribute
  – Email: type="email"
  – URL: type="url"
  – Numbers: type="number" type="range"
  – Date: type="date" type="month" type="week"
• Embedded format validator
  – Based on type attribute value
  – Can be enforced through the pattern attribute
  – Can be disabled… don’t try to understand…
    <form novalidate>
11.
New forms inputs
<input type="email">
<input type="url">
<input pattern="\d{4}" placeholder="4 digits PIN">
<input type="number" min="0" max="10" step="2" value="6">
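Slides 10 and 11 note that the browser's embedded format validator can be disabled with <form novalidate>, so the server has to re-check every constraint itself. The following is an added example, not part of the DenyAll slides: it re-validates slide 11's four inputs in Node.js. The field names (email, website, pin, quantity) and both sample submissions are assumptions constructed for illustration.

```javascript
'use strict';
// Added example: server-side re-validation of the constraints declared in
// the HTML5 markup on slide 11. Field names are hypothetical.

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

const RULES = {
  // <input type="email">: simplified shape check plus a length bound
  email: v => typeof v === 'string' && v.length <= 254 &&
              /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  // <input type="url">: the browser accepts any scheme, so the server
  // narrows it to http(s)
  website: v => {
    if (typeof v !== 'string') return false;
    try {
      const u = new URL(v);
      return u.protocol === 'http:' || u.protocol === 'https:';
    } catch {
      return false;
    }
  },
  // <input pattern="\d{4}">: browsers anchor the pattern implicitly,
  // the server must anchor it explicitly
  pin: v => typeof v === 'string' && /^\d{4}$/.test(v),
  // <input type="number" min="0" max="10" step="2">: steps count from min
  quantity: v => {
    if (typeof v !== 'string' || !/^-?\d+$/.test(v)) return false;
    const n = Number(v);
    return n >= 0 && n <= 10 && (n - 0) % 2 === 0;
  },
};

// Returns { ok, errors }, where errors lists every missing, malformed or
// unexpected field name.
function validateForm(fields) {
  const errors = [];
  for (const [name, check] of Object.entries(RULES)) {
    if (!has(fields, name) || !check(fields[name])) errors.push(name);
  }
  for (const name of Object.keys(fields)) {
    if (!has(RULES, name)) errors.push(name);
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample: what a validating browser would let through.
const BROWSER_SUBMISSION = { email: 'user@example.com',
  website: 'https://example.com/', pin: '0420', quantity: '6' };
// Constructed sample: what arrives when validation is off (novalidate)
// or the request never came from the form at all.
const UNVALIDATED_SUBMISSION = { email: 'not-an-email',
  website: 'javascript:void(0)', pin: '12345', quantity: '7' };

console.log(validateForm(BROWSER_SUBMISSION));
console.log(validateForm(UNVALIDATED_SUBMISSION));
```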
12.
New HTML internals
• Web Workers enable JavaScript background processing
• Web Storage improves local storage to extend the cookie concept and natively support session-based data handling
• WebApp Cache to enable offline mode of Web/Cloud based applications
• Server Sent Events (SSE) enables Server to Client communication through the established connection
13.
HTML5 new security tricks
14.
To view full slides or to listen to the webinar recording, please visit www.denyall.com/recordings_en.html
Link is available in the description below.
15.
Call to Action
1. Download the Forrester report
  – www.denyall.com/forrester-en/
2. Evaluate Protect 4.1 FP1
  – Now available in customers’ download area
  – Not a customer yet? Contact us today
3. Evaluate Detect 5.1
  – https://edge.denyall.com
  – ftp://ftp-detect.denyall.com
4. Let’s talk about your needs
  – sales@denyall.com, +33 1 46 20 96 00
16.
Thank you!
info@denyall.com
+33 1 46 20 96 00