Advertisement
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS
Browser security — ROOTS

Check these out next

Web browsers and web servers
Web browsers and web servers
Angelica Amolo
Browsers
Browsers
Steven Cahill
Web Browsers
Web Browsers
Neha Sharma
Web browsers
Web browsers
learnt
browser presentation
browser presentation
ashanrajpar
Web browsers
Web browsers
DHANALAKSHMI TALLURI
difference between browsers
difference between browsers
mubeen shahid
Web browser by group no 03 capt palliyaguru
Web browser by group no 03 capt palliyaguru
praeeth palliyaguru
1 of 16

Browser security — ROOTS

Apr. 24, 2012
Download to read offline
Technology

Lightning speach on Browser security at the ROOTS conference 2012

Andre N. Klingsheim
Self employed consultant
Advertisement
Advertisement
Advertisement

Recommended

Web browserWeb browser
Web browserHardik Kakadiya54.8K views17 slides
Browsers comparisonBrowsers comparison
Browsers comparisonSvetlana Puchkova1.5K views16 slides
Top 10 Internet BrowsersTop 10 Internet Browsers
Top 10 Internet BrowsersDivyansh Vaidya2.4K views13 slides
Web browsersWeb browsers
Web browsersRamon Olmos6.1K views17 slides
Web BrowserWeb Browser
Web BrowserShreeram Goswami958 views43 slides
Web browser pdfWeb browser pdf
Web browser pdfRavi Kumar23.9K views10 slides

More Related Content

Slideshows for you(20)

Web browsers and web serversWeb browsers and web servers
Web browsers and web servers
Angelica Amolo2.9K views
BrowsersBrowsers
Browsers
Steven Cahill2K views
Web BrowsersWeb Browsers
Web Browsers
Neha Sharma39.8K views
Web browsersWeb browsers
Web browsers
learnt696 views
browser presentationbrowser presentation
browser presentation
ashanrajpar2.9K views
Web browsersWeb browsers
Web browsers
DHANALAKSHMI TALLURI8.3K views
difference between browsersdifference between browsers
difference between browsers
mubeen shahid780 views
Web browser by group no 03 capt palliyaguruWeb browser by group no 03 capt palliyaguru
Web browser by group no 03 capt palliyaguru
praeeth palliyaguru317 views
Web BrowsersWeb Browsers
Web Browsers
Studying429 views
Research on Web Browsers pptResearch on Web Browsers ppt
Research on Web Browsers ppt
Sagar Agarwal10.4K views
Web browser Web browser
Web browser
Yousaf Sahota712 views
Web browser(pp ts)Web browser(pp ts)
Web browser(pp ts)
darpan111810K views
Internet browers comparisonInternet browers comparison
Internet browers comparison
ferristic1.5K views
Web browsersWeb browsers
Web browsers
Orlando Periñan2.3K views
Browser SecurityBrowser Security
Browser Security
Roberto Suggi Liverani15.9K views
Web Browser ! Batra Computer CentreWeb Browser ! Batra Computer Centre
Web Browser ! Batra Computer Centre
jatin batra502 views
India's First Web browserIndia's First Web browser
India's First Web browser
ranjith0076.4K views
Browser warBrowser war
Browser war
Amandeep Kaur2.5K views
Research on Web BrowsersResearch on Web Browsers
Research on Web Browsers
Sagar Agarwal9.7K views
WEB BROWSERWEB BROWSER
WEB BROWSER
Chanchal Pawar560 views

Viewers also liked(20)

Browser Security 101 Browser Security 101
Browser Security 101
Stormpath2.1K views
Web Browser Security - 2016 Comparative Test ResultsWeb Browser Security - 2016 Comparative Test Results
Web Browser Security - 2016 Comparative Test Results
NSS Labs723 views
Web SecurityWeb Security
Web Security
Bharath Manoharan78.8K views
Internet SecurityInternet Security
Internet Security
Chris Rodgers17K views
Internet security powerpointInternet security powerpoint
Internet security powerpoint
Arifa Ali41.7K views
Trusteer Rapport – Browser Security - How It WorksTrusteer Rapport – Browser Security - How It Works
Trusteer Rapport – Browser Security - How It Works
trusteer10.3K views
Best topics for seminarBest topics for seminar
Best topics for seminar
shilpi nagpal502.5K views
Internet SecurityInternet Security
Internet Security
Peter R. Egli10.6K views
Intrusion toleranceIntrusion tolerance
Intrusion tolerance
samuelrajueda1.3K views
Googlechrome pptGooglechrome ppt
Googlechrome ppt
abshah378.6K views
Network SecurityNetwork Security
Network Security
VIKAS SINGH BHADOURIA2.3K views
Network SecurityNetwork Security
Network Security
Manoj Singh10.8K views
TOR NETWORKTOR NETWORK
TOR NETWORK
Rishikese MR7.5K views
FOR SCREEN BY ANURAG SINGH (8318130325)FOR SCREEN BY ANURAG SINGH (8318130325)
FOR SCREEN BY ANURAG SINGH (8318130325)
anurag singh anu10.8K views
E ball pptE ball ppt
E ball ppt
Mukesh Kumar18.6K views
Blue Eyes TechnologyBlue Eyes Technology
Blue Eyes Technology
Colloquium37.9K views
Blue eye technologyBlue eye technology
Blue eye technology
krishnadeepika0128.2K views
Compiler DesignCompiler Design
Compiler Design
Mir Majid 45.7K views
Smart Glass Technology by KiranSmart Glass Technology by Kiran
Smart Glass Technology by Kiran
Kiran6.9K views
E-BALL TECHNOLOGY SEMINAR REPORTE-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORT
Vikas Kumar39.4K views
Advertisement

Similar to Browser security — ROOTS(20)

Html5 Application SecurityHtml5 Application Security
Html5 Application Security
chuckbt2.2K views
Securing your web application through HTTP headersSecuring your web application through HTTP headers
Securing your web application through HTTP headers
Andre N. Klingsheim1.5K views
Top 12 lightest web browsers on computers for weak computers.pdfTop 12 lightest web browsers on computers for weak computers.pdf
Top 12 lightest web browsers on computers for weak computers.pdf
shakeel ahmed65 views
14_526_topic11.ppt14_526_topic11.ppt
14_526_topic11.ppt
ssuserec53e733 views
14_526_topic11.ppt14_526_topic11.ppt
14_526_topic11.ppt
ssuserec53e731 view
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
RootedCON2.3K views
Advanced Chrome extension exploitationAdvanced Chrome extension exploitation
Advanced Chrome extension exploitation
Krzysztof Kotowicz9.7K views
Web security for app developersWeb security for app developers
Web security for app developers
Pablo Gazmuri6.6K views
Html5 securityHtml5 security
Html5 security
Krishna T2.6K views
Introduction to HTML5 and CSS3 (revised)Introduction to HTML5 and CSS3 (revised)
Introduction to HTML5 and CSS3 (revised)
Joseph Lewis10.6K views
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to HelpTowards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Towards a More Secure, Reliable, and Performant Web: Tools / Approaches to Help
Stephen Donner1.3K views
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Divyanshu Shukla791 views
Web development tips and tricksWeb development tips and tricks
Web development tips and tricks
maxo_64582 views
FlashackFlashack
Flashack
n|u - The Open Security Community2.4K views
Frontend State of the unionFrontend State of the union
Frontend State of the union
Filip Bruun Bech-Larsen100 views
HTML5 - The Promise & The PerilHTML5 - The Promise & The Peril
HTML5 - The Promise & The Peril
Security Innovation105 views
QA: Базовое тестирование защищенности веб-приложений в рамках QAQA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QA
CodeFest1.4K views
Front end for back end developersFront end for back end developers
Front end for back end developers
Wojciech Bednarski2K views
Codefest2015Codefest2015
Codefest2015
Denis Kolegov1.5K views
Cloudflare and Drupal - fighting bots and traffic peaksCloudflare and Drupal - fighting bots and traffic peaks
Cloudflare and Drupal - fighting bots and traffic peaks
Łukasz Klimek4.5K views

Recently uploaded(20)

Change your architecture during deploymentChange your architecture during deployment
Change your architecture during deployment
Dennis van der Stelt0 views
Level Up Your Property and Investment Management Workflows Level Up Your Property and Investment Management Workflows
Level Up Your Property and Investment Management Workflows
AppFolio0 views
On the Cloud? Data Integrity for Insurers in Cloud-Based PlatformsOn the Cloud? Data Integrity for Insurers in Cloud-Based Platforms
On the Cloud? Data Integrity for Insurers in Cloud-Based Platforms
Precisely0 views
Hologram Hologram
Hologram
Butterfly education 0 views
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
Jose Manuel Ortega Candel0 views
Python Sets_Dictionary.pptxPython Sets_Dictionary.pptx
Python Sets_Dictionary.pptx
M Vishnuvardhan Reddy0 views
Python Operators.pptxPython Operators.pptx
Python Operators.pptx
M Vishnuvardhan Reddy0 views
Vin secure solutions PPT (1).pdfVin secure solutions PPT (1).pdf
Vin secure solutions PPT (1).pdf
vin secure solutions0 views
Future Managers with New Technology.pptxFuture Managers with New Technology.pptx
Future Managers with New Technology.pptx
Simhadri Bhavana0 views
W-2-Ch-2-Intro to Power plants.pptW-2-Ch-2-Intro to Power plants.ppt
W-2-Ch-2-Intro to Power plants.ppt
vishnoo70 views
Untitled presentation.pdfUntitled presentation.pdf
Untitled presentation.pdf
SompriyaNarayanaTiwa0 views
Qualys APIQualys API
Qualys API
Giacomo Cocozziello0 views
Enterprise Conferencing Solutions PPT.pptxEnterprise Conferencing Solutions PPT.pptx
Enterprise Conferencing Solutions PPT.pptx
Suma Soft Pvt. Ltd.0 views
SEARCH-ENGINE-OPTIMIZATION-SEO-BEGINNERS-TOOLS(1).pdfSEARCH-ENGINE-OPTIMIZATION-SEO-BEGINNERS-TOOLS(1).pdf
SEARCH-ENGINE-OPTIMIZATION-SEO-BEGINNERS-TOOLS(1).pdf
GeraldNsofor0 views
Python Control Structures.pptxPython Control Structures.pptx
Python Control Structures.pptx
M Vishnuvardhan Reddy0 views
Trane THT2212-SPST Therm Cutoff; 265Op 35C-PartsHnC.pdfTrane THT2212-SPST Therm Cutoff; 265Op 35C-PartsHnC.pdf
Trane THT2212-SPST Therm Cutoff; 265Op 35C-PartsHnC.pdf
PartsHnC Hvac Parts0 views
Cloud Forensics and Incident Response Training.pdfCloud Forensics and Incident Response Training.pdf
Cloud Forensics and Incident Response Training.pdf
Christopher Doman0 views
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
Jose Manuel Ortega Candel0 views
Digital Mining Solutions Simplified With VTPLDigital Mining Solutions Simplified With VTPL
Digital Mining Solutions Simplified With VTPL
UpasnaBagrodia0 views
Developing Using Meta Pool in AuroraDeveloping Using Meta Pool in Aurora
Developing Using Meta Pool in Aurora
Neven60 views
Advertisement

Browser security — ROOTS

  1. The browser - your best friend and worst enemy Roots Conference Bergen 23. May 2011 André N.Klingsheim IT security specialist, PhD
  2. Lightning overview • How important is browser security? • Security challenges • Modern security features 2
  3. Why the web «works» • Same-origin policy – Isolates websites – The reason you can safely visit rootsconf.no and skandiabanken.no simultaneously in the browser – We have to fully trust the browser to enforce this • SSL/TLS – Secure communication: website authentication, generate secure keys, choose crypto... 3
  4. The browser is your enemy: MODERN SECURITY CHALLENGES 4
  5. Man-in-the browser How did the man get in the • Malicious code running in browser?!? browser http://googlechromereleases.blogspot. com/2011/04/stable-channel- – The friendly browser update.html suddenly becomes evil 5
  6. The browser is your friend: MODERN SECURITY FEATURES 6
  7. Working alone • Google Chrome sandboxing – Rendering process – Sandboxing underway for Flash and PDF plugins • Internet Explorer 9 tab isolation – Pinned sites load in isolated process • Minimize damage caused by a compromize 7
  8. Working for the website • Special treatment for cookies: secure, httpOnly • Website can include «security» headers in HTTP response • Triggers security features in browser • «Invisible» to user • Headers coming up! 8
  9. STS HTTP-header 9
  10. X-Frame-Options HTTP header 10
  11. Compensating for website security bugs • Security features designed to detect and/or prevent webapp security holes 11
  12. X-Content-Type-Options HTTP header 12
  13. X-XSS-Protection HTTP header 13
  14. X-Content-Security-Policy HTTP header • Firefox Content Security Policy – Block inline scripts on webpage – Block code creation for strings (eval()) – Prevents XSS 14
  15. References • http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html • https://sites.google.com/a/chromium.org/dev/Home/chromium-security/brag-sheet • Pinned sites: http://msdn.microsoft.com/en-us/library/gg131029(v=vs.85).aspx • https://wiki.mozilla.org/Security/CSP/Specification#User_Agent_Behavior • X-XSS-Protection: http://msdn.microsoft.com/en-us/library/cc288472(v=vs.85).aspx#_replace • Not a complete list so remember: Google is your friend 15
  16. Thank you! • Find me online: – andre.klingsheim (at) skandiabanken (dot) no – Blog: www.dotnetnoob.com – Twitter: @klingsen 16
Advertisement