'[WEB SECURITY] Paper: "Web application vulnerabilities in context of browser'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       websecurity
Subject:    [WEB SECURITY] Paper: "Web application vulnerabilities in context of browser
From:       Taras <oxdef () oxdef ! info>
Date:       2011-01-16 19:56:37
Message-ID: 1295207797.2395.22.camel () moon
[Download RAW message or body]

Hi, all!

I just have finished small paper [0] about "Web application
vulnerabilities in context of browser extensions" (Chrome part). I
think you may be interested in it.  Suggestions and comments are
welcome!

------------

"Current days Google Chrome web browser becomes more and more popular.
It is really fast, easy-to-use and in same time powerful browser. I will
not write about whole security architecture of Chrome. There is a good
article about it by Larry Seltzer called "Google's Chrome Extensions
Show Security Focus". Let's focus our attention on Chrome extensions
platform. Like Mozilla Firefox Chrome supports extensions or addons,
which makes your web surfing with it more comfortable.

What are extensions in Google Chrome browser? Extensions are small
software programs that can modify and enhance the functionality of the
Chrome browser. Developers writes them using well-know web technologies
such as HTML, JavaScript (including HTML5 features) and CSS. Using of
such technologies of course makes developing ease. But what security
risks they will bring to us?..."

[0] http://oxdef.info/papers/ext/chrome.html (or PDF version
http://oxdef.info/papers/ext/chrome.pdf)

-- 
Taras
http://oxdef.info
----
"Software is like sex: it's better when it's free." - Linus Torvalds



----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe@webappsec.org and reply to 
the confirmation email

Join WASC on LinkedIn 
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic