Modern Application Frameworks, Legacy Browsers and Security Implications

In Cybersecurity, Web Development by Ian

This entry is part 5 of 8 in the series Intrusion Detection

I was recently sent an article titled ‘How it feels to learn JavaScript in 2016’ (Aguinaga, 2016). It is a somewhat amusing take on the current state of the JavaScript frameworks and libraries available to web developers and on how quickly this environment is changing. All quirks aside, modern application frameworks provide much of the interactivity and web functionality we take for granted. The modern web browser has to cope with these advancements and continue to evolve to meet the demands of its users and developers. For the Federal government and other organizations that are not able to update their software systems to keep up with the pace, libraries called polyfills have been created to add functionality to legacy browsers that were never designed to run such rich modern web applications. Modernizr is one of the most popular HTML5 polyfills available as open source software at https://github.com/Modernizr.

Apart from bringing older browsers up to date so they can cope with new application frameworks, security implications must also be considered. In January 2016, Microsoft stopped supporting legacy versions of Internet Explorer. This included versions 10 and below. They issued a statement warning that continued use of Internet Explorer 10, 9 and 8 would leave individuals “at risk of viruses and other malicious software that exploit security flaws and bugs in browsers.” In January, FedTech also released an article about the use of older versions of Internet Explorer by government workers and users of Federal websites (Goldstein, 2016). Their article warned of the increase in potential vulnerabilities. In the same month, HIPAA Journal released a statement warning that use of Internet Explorer 10 and below would be a violation of HIPAA rules. As of September 2016, market share for IE 8 and 9 combined was less than 9% (Net Market Share, 2016).

Organizations in both the public and private sectors must continue to adapt in order to keep their infrastructure compatible with newer, and not even necessarily bleeding-edge, technology. To mitigate potential security threats, they must also recognize the vulnerabilities left open if they continue to support legacy browsers that have been abandoned by their vendors in terms of support and security patches.
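To put a number on that exposure for a given site, the share of requests coming from unsupported Internet Explorer versions can be measured from web server access logs. The following is an added example, not code from the article or from any project it mentions; the function names and log lines are constructed, and it assumes combined-format logs and the article's "IE 10 and below" threshold.

```javascript
// Trident engine token -> real IE major version. The MSIE token alone is not
// reliable: IE 11 in Compatibility View sends "MSIE 7.0" with "Trident/7.0".
const TRIDENT_TO_IE = { '4.0': 8, '5.0': 9, '6.0': 10, '7.0': 11 };
const LAST_UNSUPPORTED = 10; // assumption taken from the article: IE 10 and below

// Return the real IE major version for a User-Agent string, or null if not IE.
function ieVersion(ua) {
  const trident = /Trident\/(\d+\.\d+)/.exec(ua);
  if (trident && TRIDENT_TO_IE[trident[1]]) return TRIDENT_TO_IE[trident[1]];
  const msie = /\bMSIE (\d+)\./.exec(ua); // IE 7 and older send no Trident token
  return msie ? Number(msie[1]) : null;
}

// Pull the User-Agent (last quoted field) out of a combined-format log line.
function userAgentOf(line) {
  const m = /"([^"]*)"\s*$/.exec(line);
  return m ? m[1] : null;
}

// Count requests per unsupported IE version and report their share of traffic.
function summarize(lines) {
  const byVersion = {};
  let total = 0, legacy = 0;
  for (const line of lines) {
    const ua = userAgentOf(line);
    if (ua === null) continue; // skip malformed lines
    total++;
    const v = ieVersion(ua);
    if (v !== null && v <= LAST_UNSUPPORTED) {
      legacy++;
      byVersion[v] = (byVersion[v] || 0) + 1;
    }
  }
  return { total, legacy, percent: total ? (100 * legacy) / total : 0, byVersion };
}

// Constructed sample log lines (documentation IP range, not real traffic).
const SAMPLE_LOG = [
  '192.0.2.10 - - [12/Sep/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"',
  '192.0.2.11 - - [12/Sep/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"',
  '192.0.2.12 - - [12/Sep/2016:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"',
  '192.0.2.13 - - [12/Sep/2016:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"',
  '192.0.2.14 - - [12/Sep/2016:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"',
];

console.log(summarize(SAMPLE_LOG));
```

The User-Agent header is supplied by the client, so these counts are suitable for inventory and trend reporting rather than as an access control decision.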

References

  • Aguinaga, J. (2016). How it feels to learn JavaScript in 2016. Retrieved from: https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f#.io0uqram3
  • Goldstein, P. (2016). Federal Government Websites Attracting 7.2 Percent of Traffic from Old Internet Explorer Browsers. Retrieved from: http://www.fedtechmagazine.com/article/2016/01/federal-government-websites-attracting-72-traffic-old-internet-explorer-browsers
  • HIPAA Journal. (2016). Upgrade Internet Explorer to Remain HIPAA Compliant. Retrieved from: http://www.hipaajournal.com/upgrade-internet-explorer-to-remain-hipaa-compliant-8259/
  • Microsoft. (2016). Support for older versions of Internet Explorer ended on January 12th, 2016. Retrieved from: https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
  • Net Market Share (2016). Desktop Browser Version Market Share. Retrieved from: https://www.netmarketshare.com/browser-market-share.aspx?qprid=2&qpcustomd=0