Frederik Braun (Mozilla)

In this talk, we will examine web security through the browser's perspective. Various browser features have helped fix transport security issues and increase HTTPS adoption: Encouragements in the form of providing more exciting APIs exclusively to Secure Context or deprecating features (like with Mixed Content Blocking) have brought HTTPS adoption to over 90% in ten years.

With these successful interventions as the browser's carrots and sticks - rewards for secure practices and penalties for insecure ones - we will then identify what academia and the industry can do to further apply security improvements. In particular, we will look at highly prevalent security issues in client code, like XSS and CSRF. In the end, we will see how the browser can play an instrumental role in web security improvements and what common tactics and potential issues exist.:

Speaker's Biography: Frederik Braun builds security for the web and Mozilla Firefox in Berlin. As a contributor to standards, Frederik is also improving the web platform by bringing security into the defaults with specifications like the Sanitizer API and Subresource Integrity. Before Mozilla, Frederik studied IT-Security at the Ruhr-University in Bochum where he taught web security and co-founded the CTF team fluxfingers.

View More Papers

YuraScanner: Leveraging LLMs for Task-driven Web App Scanning

Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA Helmholtz Center for Information Security), Gianluca De Stefano (CISPA Helmholtz Center for Information Security), Soheil Khodayari (CISPA Helmholtz Center for Information Security), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)

Read More

ProvGuard: Detecting SDN Control Policy Manipulation via Contextual Semantics...

Ziwen Liu (Beihang University), Jian Mao (Beihang University; Tianmushan Laboratory; Hangzhou Innovation Institute, Beihang University), Jun Zeng (National University of Singapore), Jiawei Li (Beihang University; National University of Singapore), Qixiao Lin (Beihang University), Jiahao Liu (National University of Singapore), Jianwei Zhuge (Tsinghua University; Zhongguancun Laboratory), Zhenkai Liang (National University of Singapore)

Read More

IoT Software Updates: User Perspectives in the Context of...

S. P. Veed, S. M. Daftary, B. Singh, M. Rudra, S. Berhe (University of the Pacific), M. Maynard (Data Independence LLC) F. Khomh (Polytechnique Montreal)

Read More