Magic Software: HTML5 is "very susceptible" to SQL injection attacks
The security of the applications we use on our mobile devices is a subject of increasing concern.
As smartphones get smarter, tablets get easier to swallow and the cloud powers all of these "slim" devices with all the back-end power that they do not naturally come with at birth due to their small form factor and scaled down dimensions -- the issue of mobile security warms up further still.
So should this be of concern to software application developers?
This is the question posed by UK MD of Magic Software David Akka who says that the answer is most definitely, yes.
"Take, for example one of the key vulnerabilities of web applications: SQL injection. A recent report highlights that SQL injection is the number one risk for web applications and HTML5 is very susceptible to these kind of attacks as, quite simply, it has not been designed with security in mind," asserts Akka.
NOTE: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data.
"Past experience should play a role here as this is the third time we are going through a security debate related to HTML. It was built and then later, when security mattered, patches were created to fix those problems; but this of course left loopholes, which are open to exploitation. As developers, we may embrace a tool for its practicality, but looking at it from a different perspective, it's not yet mature enough to provide the robust levels if security required for enterprise application development," he said.
Akka rightly points out that of course vulnerabilities exist everywhere and mobility is just the new line of attack, however it does seem to be one where we are less prepared.
"This is also due in part to increased use of collaborative applications. Although viruses are nothing new, people are perhaps less 'virus aware' when downloading applications than they should be, and in my mind, mobile collaborative apps could be a significant threat. The solution boils down to getting the right tools for the job, which can take a huge amount of work and forethought, and right now, I believe HTML5 is not one of those tools," said Akka.
Magic's Akka believes that given the current state of uncertainty (and until HTML5 reaches full maturity) it's more sensible to use a Mobile Enterprise Application Platform (MEAP), which allows you to develop once and then deliver to multiple platforms.
"This is a far safer option where security is concerned," he said.