AppSecUSA 2012 has ended
Friday, October 26 • 11:00am - 11:45am
The Same-Origin Saga


I created what became known as the browser "Same-Origin Policy" (SOP) under duress for Netscape 2, 3, and 4 in the mid-nineties. SOP was intended to preserve the integrity of a user/website session against interference from untrusted other sites. As the web evolved, SOP split from a single precise policy into several variations on a theme, but it remains the default browser content security policy framework. I will review SOP's vulnerabilities and its "patches" that were intended to mitigate those avenues of attack. I will close by suggesting an extension to SOP that labels scripts loaded cross-site with origins that are distinguishable from (yet related to) the origin of the including web page or application.


Brendan Eich

Chief Technology Officer, Mozilla
Brendan Eich is CTO of Mozilla and widely recognized for his enduring contributions to the Internet revolution. In 1995, Eich invented JavaScript (ECMAScript), the Internet's most widely used programming language. He also co-founded the mozilla.org project in 1998, serving as chief...

Friday October 26, 2012 11:00am - 11:45am CDT
NTObjectives Room - Texas Ballroom II Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704
