Description: Abstract
The web has a Confused Deputy problem at the heart of many of our hardest security challenges. Tricking a browser or site into using latent credentials and authentication information for other parties and sites is the game and XSS is how it's played. With CSP, sandboxed iframes, and the next version of Chrome Apps, Google is tackling these the challenges for app authors head-on, making it easier than not to build secure apps and removing the potential for confusion by removing ambient authority itself. This talk explores why, how, and when we might finally improve the baseline security level of new apps.
*****
Speaker
Alex Russell, Google
Alex Russell is a software engineer on the Chrome team at Google where he serves on the standards body for JavaScript (ECMA TC39), helps shape new web platform APIs and features, contributes to Chrome for Android and Chrome Frame, and agitates for a better app platform.
Tags: securitytube , hacking , hackers , information security , convention , computer-security , appsecusa , appsecus-2012 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.