Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Defensive Design Article #17

Open
manuelvsousa opened this issue Sep 10, 2020 · 0 comments
Open

Defensive Design Article #17

manuelvsousa opened this issue Sep 10, 2020 · 0 comments
Labels
new article Suggestion for a new article

Comments

@manuelvsousa
Copy link
Member

manuelvsousa commented Sep 10, 2020
edited
Loading

In PR #16 we introduced motivations for a Defensive Design Article where we believe, this particular article should be the result of a community effort from both companies (which fix these bugs) and researchers (which get reported bugs fixed).

Here some of the ideas for this article:

  • The way applications they use iframes to display information based on a user query (search system)
  • How applications use Fetch Metadata with Vary headers to prevent cache probing attacks and what problems might occur with improper deployments. Are there any drawbacks of deploying this?
  • How to ensure all application endpoints implement certain Headers to have the same behavior across different states.
  • Quick strategies to mitigate reported XS-Leaks, as a short-term solution before deploying web platform security features.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new article Suggestion for a new article
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@manuelvsousa