While all browsers claim to be secure, the truth is that they are under a constant risk of an attack. Although a large portion of that risk comes from using third-party software, browser vendors have a limited understand of all that can be wrong since they didn´t write the code. Additionally, due to their lack of control over such software, even in cases when they determine there is a vulnerability, they often cannot do much about it, especially if their browsers are using Java or Silverlight.
Initially presented at the OWASP 2011 Summit, Browser Security had a goal of bringing together browser vendors, web application providers, renowned white hat hackers and OWASP leaders to discuss what can be done to improve browser security. This working Session is a follow up from that session.
With most browser vendors switching their focus on the issue of user privacy, and a good portion of websites running vulnerable software, browser security is becoming a very important area of application security.
To get a better understanding of today´s browsers and their security landscape, it is necessary to identify both high and low-level security issues.
The purpose of this Working Session is to provide insight into today´s browsers and their security features.
- Web developers
- Application architects
- Browser vendors
- Security professionals
Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):
- <a href=”http://www.owasp.org/images/6/6d/OWASPSummit2011SiteSecurityPolicyBrowserSecurityTrack.pdf>Site Security Policy notes (pdf)</a>
- <a href=”http://www.owasp.org/images/c/cd/OWASPSummit2011HTML5SecurityBrowserSecurityTrack.pdf>HTML5 Security notes (pdf)</a>
Back to list of all Working Sessions and Tracks
Edit this page here