Overview
Explore the evolving landscape of browser security in this 24-minute JSConf EU 2014 talk by Frederik Braun. Delve into the shift from traditional hypertext to web applications and the resulting security challenges. Examine the current browser security model in modern user agents, covering both legacy features and recent additions to HTML5 APIs. Gain insights into expected enhancements in browser security and learn about common bypasses and shortcomings of existing security mechanisms. Topics covered include HTTPS, Strict Transport, Threat Model, Meta Tags, Cross-site scripting filters, frame disallowing, Content Delivery Networks, and more. Understand the ongoing struggle to maintain security in an increasingly complex web environment.
Syllabus
Intro
Web Browser
HTTPS
Strict Transport
Threat Model
Meta Tags
Cross-site scripting filters
Disallow framing
Cross-site scripting
Content delivery networks
Conclusion
Taught by
JSConf