Browsers: Reloaded - A Look at Next Generation Web Browsers

There are a bunch of new "web browsers" hitting the market; some of them even claim to be more "secure"... but are they? What's preventing security from happening?

Presentation Transcript

  • Browsers: Reloaded. Rafal M. Los, Web Application Security SME, Hewlett-Packard Application Security Center. May 18th, 2009
  • In the future, the battle for control of your online computing experience will be fought in your browser.
  • Overloaded, Overworked, Broken: Browser “extensibility” is duct tape & bubble gum. Consider how many plug-ins most browsers have-
  • What Do Consumers Want? 1st Functionality. Then Security made simple. (maybe) Why is this so hard?
  • Why Can’t It Just Work? Functional Secure •“neat” tech •“trusted” tech •Interoperable •Minimalistic •Interactive approach •Extensible Is middle ground just failure for both?
  • Usable Security: Users want security features they don’t need to “think” about
    – “It should just be secure without my help”
    – Make “security decisions” without compromising the browsing experience
    – Protect the user from him/herself
    – … is this even possible?
  • Example: Why NoScript Fails. NoScript is security via “plug in”
    – Fails because
      • Blocks all script by default
      • Breaks functionality for the user
      • Requires the user to make security decisions!
    – Most common users simply “enable all JS”…
      • …and are back to square 1
    – How many regular users do you know who use NoScript?
  • Firefox? IE? Safari? Chrome? With all these options, how is a person to choose the right one? While every browser claims to be “more secure”, what does that mean? Is there a legitimate reason for your browser to have a task manager?
  • Example: Chrome’s Tabs Should your sessions persist across multiple tabs? Windows?
  • Example: Chrome’s Tabs What do you suppose is the result?
  • Example: Chrome’s Tabs
  • Browser Wish List
    • Browser framework itself resilient to attack
      – One window/tab can’t crash another?
    • Reduced attack surface for plug-ins
      – Limit how much damage a plug-in can do
    • No session persistence across windows/tabs
      – Why does this even exist today?
    • Basic security features?
      – Provide basic defense against client-side attacks
  • Are Modern Browsers Secure? No. Internet Explorer, Firefox, Chrome, Safari … all have the same basic flaws.
  • Rafal Los HP Application Security Center Email: Rafal@HP.com Direct: (404) 606-6056 Twitter: RafalLos Blog: http://www.communities.hp.com/securitysoftware/blogs/rafal