Browsers: Reloaded - A Look at Next Generation Web Browsers

There are a bunch of new "web browsers" hitting the market; some of them even claim to be more "secure"... but are they? What's preventing security from happening?

Published in: Technology

Transcript

  • 1. Browsers: Reloaded Rafal M. Los Web Application Security SME Hewlett-Packard Application Security Center May 18th, 2009
  • 2. In the future, the battle for control of your online computing experience will be fought in your browser.
  • 3. Overloaded, Overworked, Broken: Browser “extensibility” is duct tape & bubble gum. Consider how many plug-ins most browsers have.
  • 4. What Do Consumers Want? 1st: Functionality. Then: Security made simple. (maybe) Why is this so hard?
  • 5. Why Can’t It Just Work? Functional Secure •“neat” tech •“trusted” tech •Interoperable •Minimalistic •Interactive approach •Extensible Is middle ground just failure for both?
  • 6. Usable Security: Users want security features they don’t need to “think” about
      – “It should just be secure without my help”
      – Make “security decisions” without compromising the browsing experience
      – Protect the user from him/herself
      – … is this even possible?
  • 7. Example: Why NoScript Fails. NoScript is security via “plug in”
      – Fails because
          • Blocks all script by default
          • Breaks functionality for the user
          • Requires the user to make security decisions!
      – Most common users simply “enable all JS”…
          • …and are back to square 1
      – How many regular users do you know use NoScript?
  • 8. Firefox? IE? Safari? Chrome? With all these options, how is a person to choose the right one? While every browser claims to be “more secure”, what does that mean? Is there a legitimate reason for your browser to have a task manager?
  • 9. Example: Chrome’s Tabs Should your sessions persist across multiple tabs? Windows?
  • 10. Example: Chrome’s Tabs What do you suppose is the result?
  • 11. Example: Chrome’s Tabs
  • 12. Browser Wish List
      • Browser framework itself resilient to attack
          – One window/tab can’t crash another?
      • Reduced attack surface for plug-ins
          – Limit how much damage a plug-in can do
      • No session persistence across windows/tabs
          – Why does this even exist today?
      • Basic security features?
          – Provide basic defense against client-side attacks
  • 13. Are Modern Browsers Secure? No. Internet Explorer, Firefox, Chrome, Safari … all have the same basic flaws.
  • 14. Rafal Los HP Application Security Center Email: Rafal@HP.com Direct: (404) 606-6056 Twitter: RafalLos Blog: http://www.communities.hp.com/securitysoftware/blogs/rafal
