Home » 2010 » February » 10

Simultaneous connection limits

For performance reasons, most browsers regularly issue requests simultaneously, by opening multiple TCP connections. To prevent overloading servers with excessive traffic, and to minimize the risk of abuse, the number of connections to the same target is usually capped. The following table captures these limits, as well as default read timeouts for network resources:

Views: 8455 | Added by: b1zz4rd | Date: 10 February 2010 | Comments (0)

Browser Security Handbook, part 2.4

Gaps in DOM access control

For compatibility or usability reasons, and sometimes out of simple oversight, certain DOM properties and methods may be invoked across domains without the usual same-origin check carried out elsewhere. These exceptions to DOM security rules include:

The ability to look up named third-party windows by their name: by design, all documents have the ability to obtain handles of all standalone windows and <IFRAME> objects they spawn from within JavaScript. Special builtin objects also permit them to look up the handle of the document that embeds them as a sub-resource, if any (top and parent); and the document that spawned their window (opener). ... Read more »

Views: 7824 | Added by: b1zz4rd | Date: 10 February 2010 | Comments (0)

Browser Security Handbook, part 2.3

Navigation and content inclusion across domains

There are numerous mechanisms that permit HTML web pages to include and display remote sub-resources through HTTP GET requests without having these operations subjected to a well-defined set of security checks:

Simple multimedia markup: tags such as <IMG SRC="..."> or <BGSOUND SRC="..."> permit GET requests to be issued to other sites with the intent of retrieving the content to be displayed. The received payload is then displayed on the current page, assuming it conforms to one of the internally recognized formats. In current designs, the data embedded this way remains opaque to JavaScript, however, and cannot be trivially read back ( ... Read more »

Views: 8490 | Added by: b1zz4rd | Date: 10 February 2010 | Comments (0)

Browser Security Handbook, part 2.2

Much like Adobe Flash, Java applets, reportedly supported on about 80% of all desktop systems, follow the basic concept of same-origin checks applied to a runtime context derived from the site the applet is downloaded from. The documentation for Java security model available on the Internet appears to be remarkably poor and spotty, so the information provided in this section is in large part based on empirical testing. According to this research, the following permissions are available to Java applets:

The ability to interact with JavaScript on the embedding page through the JSObject API, with no specific same-origin checks. This mechanism is disabled by ... Read more »

Views: 945 | Added by: b1zz4rd | Date: 10 February 2010 | Comments (0)

Browser Security Handbook, part 2.1

Same-origin policy for cookies

As the web started to move from static content to complex applications, one of the most significant problems with HTTP was that the protocol contained no specific provisions for maintaining any client-associated context for subsequent requests, making it difficult to implement contemporary mechanisms such as convenient, persistent authentication or preference management (HTTP authentication, as discussed later on, proved to be too cumbersome for this purpose, while any in-URL state information would be often accidentally disclosed to strangers or lost). To address the need, HTTP cookies were implemented ... Read more »

Views: 8250 | Added by: b1zz4rd | Date: 10 February 2010 | Comments (0)

Browser Security Handbook, part 2

Part2
Browser Security Handbook, part 2

Browser Security Handbook, part 2

Written and maintained by Michal Zalewski <lcamtuf@google.com>.
Released under terms and conditions of the CC-3.0-BY license.

← Back to basic concepts behind web browsers

Standard browser security features

... Read more »

Views: 6920 | Added by: b1zz4rd | Date: 10 February 2010 | Comments (0)

Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/

Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

1. *Advisory Information*

Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
Advisory Id: CORE-2010-0121
Advisory URL:
http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities
Date published: 2010-02-05
Date of last update: 2010-02-05
Vendors contacted: Cherokee team, Nginx team, Mongoose team
Release mode: User release

2. *Vulnerability Information*

Class: Improper Handling of Exceptional Conditions [CWE-755], Path
traversal [CWE-22 ... Read more »

Views: 9286 | Added by: b1zz4rd | Date: 10 February 2010 | Comments (0)

« February 2010 »
Su	Mo	Tu	We	Th	Fr	Sa
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28

Simultaneous connection limits

Gaps in DOM access control

Navigation and content inclusion across domains

Same-origin policy for Java

Same-origin policy for cookies

Browser Security Handbook, part 2

Table of Contents

Login:
Password: