Explore the evolving landscape of browser security in this 24-minute JSConf EU 2014 talk by Frederik Braun. Delve into the shift from traditional hypertext to web applications and the resulting security challenges. Examine the current browser security model in modern user agents, covering both legacy features and recent additions to HTML5 APIs. Gain insights into expected enhancements in browser security and learn about common bypasses and shortcomings of existing security mechanisms. Topics covered include HTTPS, Strict Transport, Thread Model, Meta Tags, Cross-site scripting filters, frame disallowing, Content Delivery Networks, and more. Understand the ongoing struggle to maintain security in an increasingly complex web environment.
Overview
Syllabus
Intro
Web Browser
HTTPS
Strict Transport
Thread Model
Meta Tags
Crosssite scripting filters
disallowframing
Crosssite scripting
Content delivery networks
Conclusion
Taught by
JSConf
Related Courses
-
HTTP Security Headers You Need To Have On Your Web Apps
-
HTTP Headers - The Simplest Security
-
Modern Web Application Defense with OWASP Tools
-
Content Security Policies - Let's Break Stuff
-
Building Layers of Defense with Spring Security
-
Don't Trust the DOM - Bypassing XSS Mitigations via Script Gadgets
