BrowserAudit: Automated testing of browser security features

File: issta.pdf
Description: Accepted version
Size: 540.13 kB
Format: Adobe PDF
Title: BrowserAudit: Automated testing of browser security features
Authors: Hothersall-Thomas, C
Maffeis, S
Novakovic, C
Item Type: Conference Paper
Abstract: The security of the client side of a web application relies on browser features such as cookies, the same-origin policy and HTTPS. As the client side grows increasingly powerful and sophisticated, browser vendors have stepped up their offering of security mechanisms which can be leveraged to protect it. These are often introduced experimentally and informally and, as adoption increases, gradually become standardised (e.g., CSP, CORS and HSTS). Considering the diverse landscape of browser vendors, releases, and customised versions for mobile and embedded devices, there is a compelling need for a systematic assessment of browser security. We present BrowserAudit, a tool for testing that a deployed browser enforces the guarantees implied by the main standardised and experimental security mechanisms. It includes more than 400 fully-automated tests that exercise a broad range of security features, helping web users, application developers and security researchers to make an informed security assessment of a deployed browser. We validate BrowserAudit by discovering both fresh and known security-related bugs in major browsers. Copyright is held by the owner/author(s).
Issue Date: 13-Jul-2015
Date of Acceptance: 1-Apr-2015
URI: http://hdl.handle.net/10044/1/23307
DOI: https://dx.doi.org/10.1145/2771783.2771789
ISBN: 978-1-4503-3620-8
Publisher: Association for Computing Machinery
Start Page: 37
End Page: 47
Journal / Book Title: ISSTA 2015 Proceedings of the 2015 International Symposium on Software Testing and Analysis
Copyright Statement: © ACM, 2015. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ISSTA 2015 Proceedings of the 2015 International Symposium on Software Testing and Analysis, http://doi.acm.org/10.1145/2771783.2771789
Conference Name: 2015 International Symposium on Software Testing and Analysis
Place of Publication: New York, NY
Publication Status: Published
Start Date: 2015-07-14
Finish Date: 2015-07-17
Conference Place: Baltimore, MD
Appears in Collections: Computing
Faculty of Engineering