ApacheCon US 2008 Session

Browser Exploits - Attacks and Defense

This presentation begins with an examination of the fundamental architecture of a browser and its components, to give a proper understanding of the full attack surface. The focus then moves to the key concepts that are leveraged in practical exploitation of browsers. A few examples of popular browser exploits and an example "0-day" exploit shall be demonstrated. The talk also goes on to show how the next generation of JavaScript-delivered exploits renders current defense mechanisms useless. Antivirus programs and malware scanners are already proving ineffective and cannot continue to identify and stop browser exploits in the future. The talk then moves on to newly proposed defense mechanisms that attack the very principles that browser exploits depend on. We shall then introduce and demonstrate a few tools built on these defense principles and apply them against the exploits demonstrated. The talk shall end with questions from the audience and some thoughts on how these tools can be further extended.