Description: Abstract
I created what became known as the browser "Same-Origin Policy" (SOP) under duress for Netscape 2, 3, and 4 in the mid-nineties.SOP was intended to preserve the integrity of a user/website session against interference from untrusted other sites. As the web evolved, SOP split from a single precise policy into several variations on a theme, but it remains the default browser content security policy framework. I will review SOP's vulnerabilities and its "patches" that were intended to mitigate those avenues of attack. I will close by suggesting an extension to SOP that labels scripts loaded cross-site with origins that are distinguishable from (yet related to) the origin of the including web page or application.
*****
Speaker
Brendan Eich, Chief Technology Officer, Mozilla
Brendan Eich is CTO of Mozilla and widely recognized for his enduring contributions to the Internet revolution. In 1995, Eich invented JavaScript (ECMAScript), the Internet’s most widely used programming language. He also co-founded the mozilla.org project in 1998, serving as chief architect. Eich helped launch the award winning Firefox Web browser in November 2004 and Thunderbird e-mail client in December 2004. Today, Eich’s central focus is guiding the future technical work to keep Mozilla vit…
Tags: securitytube , hacking , hackers , information security , convention , computer-security , appsecusa , appsecus-2012 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.