HTML5 security skills last a lifetime for developers and cybersecurity pros
While a number of programming markup languages have come and gone as more of the world moved to Web 2.0, HTML (HyperText Markup Language) has remained the standard markup language used to develop web applications. HTML5, which was first introduced in 2008, is the industry standard because it has the ability to run images, audio and video files, and high-quality graphics that can attract more traffic to a website.
Because of this, HTML5 is and will continue to be used for decades to come, says Infosec Skills author Robert Morel.
“HTML5 is the backbone of modern web applications. It is a rolling standard, so it's not going anywhere. It just gets updated,” says Morel, who is a SecOps Engineer for a top cryptocurrency futures exchange. “By learning HTML5 security, you're learning a skill which is going to last you for the better part of your career.”
Learn HTML5 security from an expert
A computer science graduate from Anglia Ruskin University in the UK, Morel began his career as a developer and found himself getting more involved in operations and security. HTML was the bridge between those two worlds.
He built his first website while in college, a static HTML site advertising a plumber. By the time he graduated, he had a team of five specializing in developing angular single-page applications and training courses.
Since then, he has worked with fintech and blockchain, becoming an expert in developing secure and hardened web applications. Through this, he also became an experienced security researcher, ethical hacker and fintech author and blogger.
Why learn HTML5 security?
“There are three languages that are key to a webpage. HTML5 is the structure. CSS does the styling, and JavaScript makes it dynamic,” explains Morel. “Think of these three like building a house. The house is HTML5, the decorations are CSS, and then the plumbing and electricity, that's JavaScript. You have to know HTML5 to build the house.”
HTML5 got rid of browser plugins. Rich media aspects that were formerly handled by plugins (like Flash) are now built-in. All the major browser vendors — Apple, Google, Firefox, Opera and Microsoft — support HTML5, allowing a similar experience on desktops, laptops, tablets and mobile devices. Finally, Amazon now supports HTML5 apps in its App Store for Android, making it easier to find specific apps.
Morel said that understanding HTML5 security is key to providing a first line of defense in your web applications.
“Nearly all web applications use HTML5 because it’s a living standard, meaning that there will be no new versions, only additions to the existing version.
“The beautiful thing about HTML5 security is it's like JavaScript functions. Instead of writing the functions, you just put this one word in the code to secure against all sorts of attacks,” explains Morel. “We get into this in this learning path.”
He adds that studying and passing the HTML5 Security learning path will provide you with a solid foundation in web application security for the foreseeable future —and possibly the rest of your career.
Inside the HTML5 security training
Morel’s HTML5 Security Learning Path is broken down into five sections. The six-hour training provides a comprehensive understanding of securing HTML5 components so you can secure your web applications with confidence.
- Introduction to HTML5 Security: Provides you with an introduction to HTML5 Security and its importance in web applications.
- HTML5 Elements: Breaks down HTML5 components and the reasons for their use in a web application. This knowledge will help you identify common areas of vulnerabilities, then offer solutions to prevent these from becoming attacks.
- Identifying Areas of HTML5 Vulnerability: Teaches you the most common types of attack arising from insecure HTML5 code and the methods used by hackers to exploit them.
- Web App Protection Using HTML5: Shows you how to analyze existing HTML5 code for security vulnerabilities and correct them.
- HTML5 Security in the Wild: A Problem-Based Approach: A hands-on exercise to demonstrate what you’ve learned about HTML5 Security and resolving vulnerabilities in HTML5 code through a bug bounty program. Your job is to assess the reported security vulnerabilities and resolve them.
Who should learn HMTL5 security?
Morel says he’s targeted two groups of IT professionals for this learning path: developers early in their careers and the people who manage developers.
“I'm hoping that the course is accessible to managers, as well as junior security people who want to learn about web application security,” he said. “If you're building a web app or a website, or even a mobile app, this course is going to cover everything that you need to know to secure that.”
“If you're going to do one learning path to learn about web application security, it's going to be this one. It's going to last you your whole career,” promises Morel.
Get your free course catalog
Sources
- What is HTML5, and why is it important?, Dotnek tech blog
- The significance of HTML5, Infoworld
In this Series
- HTML5 security skills last a lifetime for developers and cybersecurity pros
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- ISC2 certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity