Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
ENISA has identified 50 security threats and proposed how they should be addressed
August 2, 2011
2 Min Read
PRESS RELEASE
At a critical moment in the development of HTML5, ENISA today proposes important security fixes for 13 upcoming Web standards. ENISA has identified 50 security threats and proposed how they should be addressed. Banking, social networking, shopping, navigation, card payments and even managing critical infrastructures such as power networks – almost any activity you can imagine now takes place within a browser window.
"The web browser is now one of the most security-critical components in our information infrastructure - an increasingly lucrative target for cyberattackers," comments Udo Helmbrecht, executive director of ENISA.
To accommodate innovations in Web applications and their business models, and to enable more people to use the web, W3C (the Worldwide Web Consortium) is currently working on major revisions to its core standards.
ENISA has seized this opportunity to review the specifications and propose improvements to enhance browser security for all users. "Many of these specifications are reaching a point-of-no-return. For once, we have the opportunity to think deeply about security – before the standard is set in stone, rather trying to patch it up afterwards. This is a unique opportunity to build in security-by-design," says Giles Hogben, co-editor of the report.
"We welcome this very timely security review by ENISA. We have encouraged ENISA to report the issues they have identified to the relevant W3C Working Groups," says Thomas Roessler, W3C security lead.
The ENISA analysis reveals 50 security threats and issues including: unprotected access to sensitive information; new ways to trigger form-submission to attackers; problems in specifying and enforcing security policies; and potential mismatches with operating system permission management.
"An important conclusion of this study is that significantly less security issues were found in those specifications which have already undergone detailed security review. This demonstrates the value of in-depth security reviews of up-coming specifications," says Marnix Dekker, report co-editor.
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
