HTML 5 is the latest incarnation of the HTML standard. While HTML 5 brings with it a number of security issues that have served as fodder for widespread criticism, HTML 5 also includes quite a few important security advances. Although rarely mentioned, HTML 5 has the capability to completely eliminate one of the most common classes of web application vulnerabilities: cross site scripting (XSS). HTML 5 also includes helpful sandboxing modes and other safety features. This talk will press beyond the hype and examine some of the new features of HTML 5, explain how they work, and relevant security issues. The intent of the presentation is to familiarize the audience with the new, security related aspects of HTML 5 and how they will change the security landscape, for better and for worse, in web applications.