Explore the security implications of browser extensions in this 40-minute conference talk from AppSec EU 2017. Delve into the dual nature of extensions as both useful tools and potential security risks. Examine the current security model for browser extensions and its limitations in addressing user privacy concerns. Learn about the analysis of over 2500 browser extensions, their usage of security features, and examples of high-risk extensions. Understand the threat model from a user perspective and discuss potential improvements to enhance browser extension security. Gain insights into short-term recommendations and enterprise-level strategies for managing extension risks.
The Evil Friend in Your Browser - Browser Extension Security Risks
Overview
Syllabus
Intro
Web Extensions
What are Extensions
Security mechanisms
Extensions
Extension Size
HTTP Headers
Simple Extension
Protecting the integrity
Outlook
Shortterm recommendation
Enterprise recommendation
Questions
Taught by
OWASP Foundation
Related Courses
-
The Evil Friend in Your Browser - Browser Extension Security Risks
-
XHOUND - Quantifying the Fingerprintability of Browser Extensions
-
EmPoWeb - Empowering Web Applications with Browser Extensions
-
Automated Detection of Firefox Extension-Reuse Vulnerabilities
-
What Can Traditional Web App Security Learn From Browser Wallet Extensions?
-
Combining Security Risks of Native and Web Development in Hybrid Apps - AppSec EU 2017
