YoVDO

Chrome Security Secret Sauce

Offered By: Strange Loop Conference via YouTube

Tags

Strange Loop Conference Courses Web Security Courses Online Privacy Courses Phishing Courses Browser Security Courses Malware Detection Courses Sandboxing Courses

Course Description

Overview

Explore Chrome's security features and strategies in this 41-minute conference talk from Strange Loop 2013. Dive into the browser's core principles of speed, simplicity, and security as Google's "Security Princess" Parisa Tabriz discusses current online threats and Chrome's protective measures. Learn about the Chrome security team's philosophies, successes, and ongoing challenges in browser security. Discover how Chrome tackles top web threats, including browser exploits, phishing, malware, and SSL attacks. Gain insights into Chrome's multi-layered defense approach, featuring process sandboxing, plugin management, and certificate pinning. Understand the importance of browser security in today's digital landscape and how it should influence your software choices.

Syllabus

Intro
Disclaimers
Chrome's Core Principles
Chrome Security Team
Browser Security?
Top Threats on the Web
Browser Exploits Malicious code that aims to achieve remote code execution on victim's computer by exploiting a security bug in the browser.
Counterthreat Step 1: Find and fix security bugs. Update users.
Find Bugs via Fuzzing
Pay for Bugs
Pay for Exploits
Fix Bugs, Update Users. Fast.
Defense in Depth
Process Sandboxing
Plugin Sandboxing
Plugin Blocking
Phishing & Malware Sites Get a user to visit or load a malicious website that either (a) phishes their personal data or (b) delivers some malicious payload leg malware .
Block Badness
Find Badness
Notify of Badness
Attacks to SSL Violate the security and privacy guarantees of SSL to steal user information
Gimme some SSL!
SSL Protocol Handshake
Man-in-the-Middle Attack
Certificate Pinning Chrome comes preloaded with the certificates it expects to see for Google-owned websites, and if it does not see one of those when it visits a Google owned website, it shows an error page to the user and will not let the user continue.
Certificate Pinning FTW!
HTTP Strict Transport Security
HSTS Whitelisted Services
Closing Thoughts Browser security matters. It should be a factor in choosing the software you use.
Questions? Complaints?


Taught by

Strange Loop Conference

Tags

Related Courses

Cloud IDS: Qwik Start
Google via Google Cloud Skills Boost Advanced Malware and Network Anomaly Detection
Johns Hopkins University via Coursera Cybersecurity for IT Professionals
LinkedIn Learning Improve Your Wireshark Skills
LinkedIn Learning Detect threats and protect information in cloud apps using Microsoft Defender for Cloud Apps
Microsoft via Microsoft Learn