Dive into an in-depth analysis of Content Security Policy (CSP) vulnerabilities in major web browsers during this 26-minute Black Hat conference talk. Explore the root causes of persistent security bugs that threaten user privacy and attract criminal and governmental interest. Learn about the innovative "BugHog" tool, an open-source automated bisection system developed to conduct a comprehensive lifecycle analysis of 75 CSP-related bugs. Discover key insights into bug prevention and handling practices of browser vendors, including issues with policy inheritance implementation and inter-vendor vulnerability sharing. Uncover surprising findings, such as publicly disclosed security bugs still affecting current major releases of Firefox and Safari. Gain valuable perspectives from both attackers and defenders on improving web browser security and reducing the lifespan of critical vulnerabilities.
Back to the Roots - Finding the Origin of CSP Security Bugs
Overview
Syllabus
Back to the Roots: Finding the Origin of CSP Security Bugs
Taught by
Black Hat
Related Courses
-
Defeating Cross-site Scripting with Content Security Policy 2
-
Mind the CSP Gap: Challenges Developing a Meaningful Content-Security-Policy
-
Bypassing Browser Security Policies for Fun and Profit
-
Roadblocks for Content Security Policy (CSP) Implementation - Developer Challenges and Solutions
-
Making CSP Great Again - Enhancing Content Security Policy
-
Content Security Policy (CSP) - Understanding and Implementing Web Protection
