- Tools: Mitigating Attacks on the Web Browser and Add-Ons
Drive-by exploits target vulnerabilities in browsers and add-ons like Java, Adobe Reader, and Flash. Defense involves sandboxing (Chrome, IE, Adobe Reader X), tightening settings via Group Policy,...
- Web Security: Mitigating Attacks on Web Applications Through the Browser
Attackers use browsers as gateways to attack web applications via XSS (executing malicious JavaScript in app context), CSRF (tricking browsers into submitting crafted requests), clickjacking...
- Web Security: Three Web Attack Vectors Using the Browser
Three browser attack vectors cause most web-based attacks: social engineering (phishing, fake software installs), attacking web applications through the browser (XSS, CSRF, clickjacking), and...
- Web Security: Cross-Site Scripting Demystified
- Web Security: NoScript Strengthens Security Even If You Allow Scripting
NoScript's script-blocking requires users to allowlist every site—many automatically click "allow" or uninstall it. If script allowlisting isn't for you, enable scripts globally but keep NoScript's...
- Web Security: Time to Let Go of Java in the Web Browser: How to Disable It
Java exploits have become the top moneymaker for exploit kit authors, yet few people regularly use Java in browsers. The likelihood of being targeted overpowers the benefits. Disable Java in browsers...