BrowserAudit: Automated testing of browser security features
Title: | BrowserAudit: Automated testing of browser security features |
Authors: | Hothersall-Thomas, C; Maffeis, S; Novakovic, C |
Item Type: | Conference Paper |
Abstract: | The security of the client side of a web application relies on browser features such as cookies, the same-origin policy and HTTPS. As the client side grows increasingly powerful and sophisticated, browser vendors have stepped up their offering of security mechanisms which can be leveraged to protect it. These are often introduced experimentally and informally and, as adoption increases, gradually become standardised (e.g., CSP, CORS and HSTS). Considering the diverse landscape of browser vendors, releases, and customised versions for mobile and embedded devices, there is a compelling need for a systematic assessment of browser security. We present BrowserAudit, a tool for testing that a deployed browser enforces the guarantees implied by the main standardised and experimental security mechanisms. It includes more than 400 fully-automated tests that exercise a broad range of security features, helping web users, application developers and security researchers to make an informed security assessment of a deployed browser. We validate BrowserAudit by discovering both fresh and known security-related bugs in major browsers. Copyright is held by the owner/author(s). |
Issue Date: | 13-Jul-2015 |
Date of Acceptance: | 1-Apr-2015 |
URI: | http://hdl.handle.net/10044/1/23307 |
DOI: | https://dx.doi.org/10.1145/2771783.2771789 |
ISBN: | 978-1-4503-3620-8 |
Publisher: | Association for Computing Machinery |
Start Page: | 37 |
End Page: | 47 |
Journal / Book Title: | ISSTA 2015 Proceedings of the 2015 International Symposium on Software Testing and Analysis |
Copyright Statement: | © ACM, 2015. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ISSTA 2015 Proceedings of the 2015 International Symposium on Software Testing and Analysis, http://doi.acm.org/10.1145/2771783.2771789 |
Conference Name: | 2015 International Symposium on Software Testing and Analysis |
Place of Publication: | New York, NY |
Publication Status: | Published |
Start Date: | 2015-07-14 |
Finish Date: | 2015-07-17 |
Conference Place: | Baltimore, MD |
Appears in Collections: | Computing; Faculty of Engineering |