Hi folks,
I don't normally spam mailing lists with commercial crap - but I'm
actually sort of proud of this one, I think it's sort of unique and
may be of interest to many readers... so let's see if the moderator is
asleep?
Long story short, I wanted to plug "The Tangled Web" - a book that
partly inspired by my 2008 Browser Security Handbook
(http://code.google.com/p/browsersec/). TTW is probably the first-ever
reasonably detailed examination of the browser security model and its
evolution through the years, covering everything from frame navigation
policies and some of the less known quirks of plugin handling and
content sniffing, to many of the current and upcoming HTML5 features.
In addition to that, I think it outlines quite a few novel challenges
that I think will shape the future of web security, e.g.:
http://lcamtuf.blogspot.com/2010/08/on-designing-uis-for-non-robots.html
http://lcamtuf.blogspot.com/2011/08/subtle-deadly-problem-with-csp.html
And as a final bonus for bug hunters, it also highlights a bunch of
previously unpublished security issues, such as this Opera origin
inheritance flaw (reported in Mar 2011, and fixed not that long ago):
PoC: http://lcamtuf.coredump.cx/inherit/opera.html
Advisory: http://www.opera.com/support/kb/view/995/
For sample chapters, endorsements, etc, you can go there:
http://lcamtuf.coredump.cx/tangled/
Feedback welcome. It's far less of a viable commercial project, and
more of an attempt to just document the current state of affairs.
/mz
I don't normally spam mailing lists with commercial crap - but I'm
actually sort of proud of this one, I think it's sort of unique and
may be of interest to many readers... so let's see if the moderator is
asleep?
I'm awake :)
So I don't normally allow posts like this through as you
However, it is difficult to find (in one location) the differences between
the browsers as well as a write up of the browsersec model. For this
reason I allowed the post as others (including myself) would find it
useful.
Regards,
Long story short, I wanted to plug "The Tangled Web" - a book that
partly inspired by my 2008 Browser Security Handbook
(http://code.google.com/p/browsersec/). TTW is probably the first-ever
reasonably detailed examination of the browser security model and its
evolution through the years, covering everything from frame navigation
policies and some of the less known quirks of plugin handling and
content sniffing, to many of the current and upcoming HTML5 features.
In addition to that, I think it outlines quite a few novel challenges
that I think will shape the future of web security, e.g.:
http://lcamtuf.blogspot.com/2010/08/on-designing-uis-for-non-robots.html
http://lcamtuf.blogspot.com/2011/08/subtle-deadly-problem-with-csp.html
And as a final bonus for bug hunters, it also highlights a bunch of
previously unpublished security issues, such as this Opera origin
inheritance flaw (reported in Mar 2011, and fixed not that long ago):
PoC: http://lcamtuf.coredump.cx/inherit/opera.html
Advisory: http://www.opera.com/support/kb/view/995/
For sample chapters, endorsements, etc, you can go there:
http://lcamtuf.coredump.cx/tangled/
Feedback welcome. It's far less of a viable commercial project, and
more of an attempt to just document the current state of affairs.
/mz
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org