Xavier Santolaria's Library tagged browser →  View Popular, Search in Google

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."

mozilla web csp security xss browser

"After a few months of back and forth, the first stage of our HTTP Header research is now live on the Shodan website."

security web shodan xss browser

Although the Firefox team has an entire page on the mozilla.com website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).

browser mozilla firefox chrome web hsts

Microsoft says the vulnerability used by researcher Stephen Fewer to exploit Internet Explorer 8 has already been fixed in the RC and RTM versions of Internet Explorer 9.

cansecwest pwn2own microsoft browser web security

Research in Motion’s recent decision to add a WebKit browser to BlackBerry has immediately backfired.

cansecwest pwn2own blackberry security exploit browser

Charlie Miller kept his Pwn2Own winning streak intact with another successful hack of an Apple product.

cansecwest pwn2own apple iphone security exploit browser

Here are a few observations regarding some browsers and their SSL/TLS implementations.

browser security ssl tls

A team of security researchers from the French pen-testing firm VUPEN successfully exploited a zero-day flaw in Apple’s Safari browser to win this year’s Pwn2Own hacker challenge.

pwn2own security infosec browser apple safari macosx

Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge.

pwn2own security infosec browser windows

It's that time of year again and the Zero Day Initiative (ZDI) team here at HP TippingPoint is proud to announce the 5th annual Pwn2Own competition is back.

tippingpoint dvlabs zdi pwn2own browser mobile

It’s about assurance. It’s about establishing a degree of trust in a site’s legitimacy that’s sufficient for you to confidently transmit and receive data with the knowledge that it’s reaching its intended destination without being intercepted or manipulated in the process.

security web browser ssl

Modern browsers are incredibly complex beasts, pushed well beyond their intended limits - and in that capacity, broken in more ways than we can imagine. We are only beginning to scratch the surface of all the design problems ahead of us - say, new and unexpected classes of UI vulnerabilities - but even within the bounds of what we understand and know how to fix, some fascinating and very human discourse patterns emerge... and will ultimately shape the future of the web.

infosec security web browser html5

" am happy to announce the availability of cross_fuzz - an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market - many of said bugs exploitable - and is still finding more. "

browser security fuzzing

"An online Python shell for your Chrome browser. "

google chrome browser python shell programming

"Exploit code for the vulnerability has been added to the Metasploit tool and a video has been posted to provide a demo of the severity."

hacking browser metasploit security exploit

"Brian Kennish traded his job at Google for a table at Starbucks, where he works on his privacy software called Disconnect."

google privacy browser

Security Browser Programming

Browser Google