Explore a 14-minute conference talk from USENIX Security '24 that presents a groundbreaking framework for detecting security flaws in web browser client-side security mechanisms. Learn how researchers leveraged Web Platform Tests (WPT) to automatically analyze browser execution traces against web security properties expressed in first-order logic. Discover the significant findings where the framework identified 104 test violations across Firefox, Chromium and Safari browsers, leading to 8 security reports and a CVE for Safari. Understand how this automated approach helps protect web applications by validating critical security features like cookie attributes and Mixed Content policies, ultimately contributing to a more secure web browsing experience.
Web Platform Threats: Automated Detection of Web Security Issues with WPT
Overview
Syllabus
USENIX Security '24 - Web Platform Threats: Automated Detection of Web Security Issues With WPT
Taught by
USENIX
Related Courses
-
Discover Web Application Security Issues using Burp Proxy
-
Rise of Inspectron: Automated Black-box Auditing of Cross-platform Electron Applications
-
WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web
-
EmPoWeb - Empowering Web Applications with Browser Extensions
-
Back to the Roots - Finding the Origin of CSP Security Bugs
-
Bypassing Browser Policies and Privacy Extensions for Cookies
