Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
Friday, August 23 • 2:40pm - 3:10pm
Origin Policy Enforcement in Modern Browsers

The Same Origin Policy is the foremost security policy in all browsers. Like
most browser code, it has undergone a significant number of changes to keep up with
recent developments in HTML5. This talk covers the Same Origin Policy
implemented in modern browsers. It goes into detail where browsers behave
similarly and where differences occur. The presentation of noteworthy
exceptions, regardless of whether they are intended or have evolved out of
legacy features, is then followed by an analysis of previous flaws. We identify
parsing mismatches as the key source of policy bypasses and suggest methods to
analyze and test browser code with regard to this discovery. The talk also gives
an outlook into things that may come and evaluates the origin as a measure to
bind authority for HTML5 APIs. Using our methods we have also identified
security issues in the Java Runtime Environment and Mozilla Firefox, which will
be presented at the end.

Friday August 23, 2013 2:40pm - 3:10pm CEST
Großer Saal