Frederik Braun (Mozilla)

In this talk, we will examine web security through the browser's perspective. Various browser features have helped fix transport security issues and increase HTTPS adoption: Encouragements in the form of providing more exciting APIs exclusively to Secure Context or deprecating features (like with Mixed Content Blocking) have brought HTTPS adoption to over 90% in ten years.

With these successful interventions as the browser's carrots and sticks - rewards for secure practices and penalties for insecure ones - we will then identify what academia and the industry can do to further apply security improvements. In particular, we will look at highly prevalent security issues in client code, like XSS and CSRF. In the end, we will see how the browser can play an instrumental role in web security improvements and what common tactics and potential issues exist.:

Speaker's Biography: Frederik Braun builds security for the web and Mozilla Firefox in Berlin. As a contributor to standards, Frederik is also improving the web platform by bringing security into the defaults with specifications like the Sanitizer API and Subresource Integrity. Before Mozilla, Frederik studied IT-Security at the Ruhr-University in Bochum where he taught web security and co-founded the CTF team fluxfingers.

View More Papers

WAVEN: WebAssembly Memory Virtualization for Enclaves

Weili Wang (Southern University of Science and Technology), Honghan Ji (ByteDance Inc.), Peixuan He (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology)

Read More

ABElity: Attribute Based Encryption for Securing RIC Communication in...

K Sowjanya (Indian Institute of Technology Delhi), Rahul Saini (Eindhoven University of Technology), Dhiman Saha (Indian Institute of Technology Bhilai), Kishor Joshi (Eindhoven University of Technology), Madhurima Das (Indian Institute of Technology Delhi)

Read More

Unleashing the Power of Generative Model in Recovering Variable...

Xiangzhe Xu (Purdue University), Zhuo Zhang (Purdue University), Zian Su (Purdue University), Ziyang Huang (Purdue University), Shiwei Feng (Purdue University), Yapeng Ye (Purdue University), Nan Jiang (Purdue University), Danning Xie (Purdue University), Siyuan Cheng (Purdue University), Lin Tan (Purdue University), Xiangyu Zhang (Purdue University)

Read More

ASGARD: Protecting On-Device Deep Neural Networks with Virtualization-Based Trusted...

Myungsuk Moon (Yonsei University), Minhee Kim (Yonsei University), Joonkyo Jung (Yonsei University), Dokyung Song (Yonsei University)

Read More