Browser Security


While all browsers claim to be secure, the truth is that they are under a constant risk of an attack. Although a large portion of that risk comes from using third-party software, browser vendors have a limited understand of all that can be wrong since they didn´t write the code. Additionally, due to their lack of control over such software, even in cases when they determine there is a vulnerability, they often cannot do much about it, especially if their browsers are using Java or Silverlight.

Why

Initially presented at the OWASP 2011 Summit, Browser Security had a goal of bringing together browser vendors, web application providers, renowned white hat hackers and OWASP leaders to discuss what can be done to improve browser security. This working Session is a follow up from that session.

What

With most browser vendors switching their focus on the issue of user privacy, and a good portion of websites running vulnerable software, browser security is becoming a very important area of application security.

To get a better understanding of today´s browsers and their security landscape, it is necessary to identify both high and low-level security issues.

Outcomes

The purpose of this Working Session is to provide insight into today´s browsers and their security features.

Who

  • Web developers
  • Application architects
  • Browser vendors
  • Security professionals

References

OWASP 2011 Browser Security Track


Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):

  • <a href=”http://www.owasp.org/images/6/6d/OWASPSummit2011SiteSecurityPolicyBrowserSecurityTrack.pdf>Site Security Policy notes (pdf)</a>
  • <a href=”http://www.owasp.org/images/c/cd/OWASPSummit2011HTML5SecurityBrowserSecurityTrack.pdf>HTML5 Security notes (pdf)</a>

Content

…add content…



Back to list of all Working Sessions and Tracks

Edit this page here