Security Articles
-
Passwordless authentication: Secure, simple, and fast to deploy
Passwordless is an authentication middleware for Node.js that improves security for your users while being fast and easy to deploy. The last months were very exciting for everyone interested in web security and privacy: Fantastic articles, discussions, and talks but also plenty of incidents that Read more…
-
Firefox and FireCAT as a Platform for Ethical Hacking
Some years ago – in early 2007, while working as freelancers – we were challenged to do a penetration test on a web application. It was really simple but had a condition-based methodology, and therefore was impossible to use any automated tool; we could only Read more…
-
Firefox OS Security: Part 2 – User Experience and Security Updates
When presenting Firefox OS to people, security is a big topic. Can an operating system built on web technologies be secure? What has Mozilla built in to avoid drive-by downloads and malware? How can a browser-based app be secure without making the UX suffer by Read more…
-
Firefox OS Security: Part 1 – The Web Security Model
When presenting Firefox OS to people, security is a big topic. Can an operating system built on web technologies be secure? What has Mozilla built in to avoid drive-by downloads and malware? In this two part video series Christian Heilmann (@codepo8), principal evangelist of Mozilla, Read more…
-
Content Security Policy 1.0 lands in Firefox Aurora
The information in this article is based on work together with Ian Melven, Kailas Patil and Tanvi Vyas. We have just landed support for the Content Security Policy (CSP) 1.0 specification in Firefox Aurora (Firefox 23), available as of tomorrow (May 30th). CSP is a Read more…
-
Privacy policy guidelines and Template for web apps
Releasing an app is much more than just coding it. You are providing a service to people and they trust you with their data. With the amount of reports of apps “calling home” and storing and sending your data to third parties without your consent Read more…
-
An interesting way to determine if you are logged into social web sites
Do you remember the trick how to find out that you went to certain web sites by analysing link colour (now patched in Firefox)? There is much your browser tells about you if you just create a few HTML elements. Mike Cardwell has found an Read more…
-
ECMAScript 5 strict mode in Firefox 4
Editor’s note: This article is posted by Chris Heilmann but authored by Jeff Walden – credit where credit is due. Developers in the Mozilla community have made major improvements to the JavaScript engine in Firefox 4. We have devoted much effort to improving performance, but Read more…
-
WebSocket disabled in Firefox 4
Recent discoveries found that the protocol that Websocket works with is vulnerable to attacks. Adam Barth demonstrated some serious attacks against the protocol that could be used by an attacker to poison caches that sit in between the browser and the Internet. This is a Read more…
-
Firefox 4: HTTP Strict Transport Security (force HTTPS)
This article is about a new HTTPS header: Strict-Transport-Security, which force a website to be fetched through HTTPS. This feature will be part of Firefox 4. How do you type URLs? Do you prefix them with http:// or https:// systematically? Or do you just type Read more…