Browsers: Reloaded - A Look at Next Generation Web Browsers


    Browsers: Reloaded - A Look at Next Generation Web Browsers - Presentation Transcript

    1. Browsers: Reloaded. Rafal M. Los, Web Application Security SME, Hewlett-Packard Application Security Center. May 18th, 2009
    2. In the future, the battle for control of your online computing experience will be fought in your browser.
    3. Overloaded, Overworked, Broken. Browser “extensibility” is duct tape & bubble gum. Consider how many plug-ins most browsers have.
    4. What Do Consumers Want? 1st Functionality. Then Security made simple. (maybe) Why is this so hard?
    5. Why Can’t It Just Work? Functional Secure •“neat” tech •“trusted” tech •Interoperable •Minimalistic •Interactive approach •Extensible Is middle ground just failure for both?
    6. Usable Security Users want security features they don’t need to “think” about – “It should just be secure without my help” – Make “security decisions” without compromising the browsing experience – Protect the user from him/herself – … is this even possible?
    7. Example: Why NoScript Fails NoScript is security via “plug in” – Fails because • Blocks all script by default • Breaks functionality for the user • Requires the user to make security decisions! – Most common users simply “enable all JS”… • …and are back to square 1 – How many regular users do you know use NoScript?
    8. Firefox? IE? Safari? Chrome? With all these options, how is a person to choose the right one? While every browser claims to be “more secure”, what does that mean? Is there a legitimate reason for your browser to have a task manager?
    9. Example: Chrome’s Tabs Should your sessions persist across multiple tabs? Windows?
    10. Example: Chrome’s Tabs What do you suppose is the result?
    11. Example: Chrome’s Tabs
    12. Browser Wish List • Browser framework itself resilient to attack – One window/tab can’t crash another? • Reduced attack surface for plug-ins – Limit how much damage a plug-in can do • No session persistence across windows/tabs – Why does this even exist today? • Basic security features? – Provide basic defense against client-side attacks
    13. Are Modern Browsers Secure? No. Internet Explorer, Firefox, Chrome, Safari … all have the same basic flaws.
    14. Rafal Los HP Application Security Center Email: Rafal@HP.com Direct: (404) 606-6056 Twitter: RafalLos Blog: http://www.communities.hp.com/securitysoftware/blogs/rafal

    Rafal Los, 6 months ago


    There are a bunch of new "web browsers" hitting the …
