Security

Here are my papers and ideas on web security, with a particular emphasis on web browsers. However, most of them are now rather old. I work on CA stuff for Mozilla, and most of the thinking and writing I do in this area is now in that context.

Certificates

Phishing

Cross-Site Scripting

  • Content Restrictions - mitigate XSS attacks by allowing sites to specify the capabilities script on their pages should have. Many of the ideas from this have found their way into CSP.
  • Script Keys - mitigate XSS attacks by allowing sites to specify which scripts on their pages should run.

Other

  • Link Fingerprints - ensure a downloaded file is the exact required version by embedding a checksum in the link to it.

Original URL: http://www.gerv.net/security/