Browser Security and Exploitation

  1. Emerging Attack Surfaces
    1. WebAssembly Security
      1. Wasm Runtime Architecture
        1. Linear Memory Model
          1. Execution Environment
            1. Host Function Interface
            2. Wasm Security Boundaries
              1. Memory Safety Guarantees
                1. Control Flow Integrity
                  1. Type Safety Enforcement
                  2. Wasm-JavaScript Interface
                    1. Type Conversion Vulnerabilities
                      1. Memory Sharing Issues
                        1. Function Import/Export Security
                      2. Modern Web APIs
                        1. WebGL Security
                          1. GPU Memory Access
                            1. Shader Compilation Security
                              1. Information Disclosure Risks
                              2. WebRTC Security
                                1. Peer-to-Peer Communication
                                  1. Media Stream Access
                                    1. Network Information Leakage
                                    2. Device Access APIs
                                      1. WebUSB Security Model
                                        1. WebHID Permissions
                                          1. Bluetooth API Risks
                                          2. Storage APIs
                                            1. Origin Private File System
                                              1. Persistent Storage Quotas
                                                1. Cross-Origin Storage Access
                                              2. Service Workers
                                                1. Service Worker Lifecycle
                                                  1. Registration and Installation
                                                    1. Activation and Updates
                                                      1. Termination and Restart
                                                      2. Service Worker Security
                                                        1. Network Request Interception
                                                          1. Cache Manipulation
                                                            1. Background Sync Security
                                                          2. Progressive Web Apps
                                                            1. PWA Installation Process
                                                              1. App Manifest Security
                                                                1. Offline Functionality Risks
                                                                  1. Push Notification Security

                                                                Previous

                                                                12. Browser Extensions and Plugin Security

                                                                Go to top

                                                                Next

                                                                14. Security Analysis Tools