Browser Security

While all browsers claim to be secure, the truth is that they are under a constant risk of an attack. Although a large portion of that risk comes from using third-party software, browser vendors have a limited understand of all that can be wrong since they didn´t write the code. Additionally, due to their lack of control over such software, even in cases when they determine there is a vulnerability, they often cannot do much about it, especially if their browsers are using Java or Silverlight.


Initially presented at the OWASP 2011 Summit, Browser Security had a goal of bringing together browser vendors, web application providers, renowned white hat hackers and OWASP leaders to discuss what can be done to improve browser security. This working Session is a follow up from that session.


With most browser vendors switching their focus on the issue of user privacy, and a good portion of websites running vulnerable software, browser security is becoming a very important area of application security.

To get a better understanding of today´s browsers and their security landscape, it is necessary to identify both high and low-level security issues.


The purpose of this Working Session is to provide insight into today´s browsers and their security features.


  • Web developers
  • Application architects
  • Browser vendors
  • Security professionals


OWASP 2011 Browser Security Track

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):

  • <a href=”>Site Security Policy notes (pdf)</a>
  • <a href=”>HTML5 Security notes (pdf)</a>


…add content…

Back to list of all Working Sessions and Tracks

Edit this page here