Relax everybody, HTML5 is much securer than you think
Many, many conferences nowadays come with "HTML5 is insecure" or "Hacking with HTML5" talks. This has lead to a general perception that HTML5 itself (whatever the term actually stands for) is insecure and, thus, should be avoided for security reasons. This is highly unfortunate, as the current generation of new Web APIs expose a level of security sophistication, which is unparalleled in the Web's history. In fact, new browser features such as CORS or PostMessage allow, for the first time, to securely realize usecases which, up to now, required the programmers to resort to insecure programming practices.
In this talk, we will systematically explore security relevant HTML5 APIs. To do so, we discuss their respective security architecture and, more importantly, show how they compare to currently established techniques which were designed to realize similar use cases.
Plainly speaking you can consider this talk as a "information security deathmatch - HTML5 vs. its alternative" (spoiler: HTML5 wins).