Origin(al) Sins

Presented at AppSec USA 2012, Oct. 26, 2012, 3 p.m. (45 minutes)

The web has a Confused Deputy problem at the heart of many of our hardest security challenges. Tricking a browser or site into using latent credentials and authentication information for other parties and sites is the game, and XSS is how it's played. With CSP, sandboxed iframes, and the next version of Chrome Apps, Google is tackling these challenges for app authors head-on, making it easier than not to build secure apps and removing the potential for confusion by removing ambient authority itself. This talk explores why, how, and when we might finally improve the baseline security level of new apps.


Presenters:

  • Alex Russell - Google
    Alex Russell is a software engineer on the Chrome team at Google, where he serves on the standards body for JavaScript (ECMA TC39), helps shape new web platform APIs and features, contributes to Chrome for Android and Chrome Frame, and agitates for a better app platform.
