Skip to main content

ENISA Highlights Flaws in New W3C Web Standards Including HTML 5

The European Network Information Security Agency (ENISA) has discovered 51 flaws in 13 new World Wide Web Consortium standards.

The security agency said that many of these flaws were capable of allowing hackers to steal information from websites.

The agency said that the findings were grave in nature and had to be worked upon swiftly as more and more services like banking, social networking, card payments, navigation and shopping were offered on a web browser.

Even critical infrastructures like power supply and nuclear reactors were managed on the web. According to the report, HTML 5 one of the fasted growing web standards was also affected by vulnerabilities. The standard is currently supported by companies like Apple and Google.

“Many of these specifications are reaching a point-of-no-return. For once, we have the opportunity to think deeply about security – before the standard is set in stone, rather than trying to patch it up afterwards. This is a unique opportunity to build in security-by-design,” says Giles Hogben, co-editor of the report.

The 50 flaws reported by ENISA, apart from allowing hackers to access sensitive information, can present them with new ways to implement form submissions and dodge access control mechanisms.

The full report can be downloaded here.