Overview
Explore a 14-minute conference talk from USENIX Security '24 that presents a groundbreaking framework for detecting security flaws in web browser client-side security mechanisms. Learn how researchers leveraged Web Platform Tests (WPT) to automatically analyze browser execution traces against web security properties expressed in first-order logic. Discover the significant findings where the framework identified 104 test violations across Firefox, Chromium and Safari browsers, leading to 8 security reports and a CVE for Safari. Understand how this automated approach helps protect web applications by validating critical security features like cookie attributes and Mixed Content policies, ultimately contributing to a more secure web browsing experience.
Syllabus
USENIX Security '24 - Web Platform Threats: Automated Detection of Web Security Issues With WPT
Taught by
USENIX