Browser Security and Exploitation
1. Introduction to Browser Security
2. Browser Architecture Fundamentals
3. Web Technology Foundations
4. Browser Security Models
5. Vulnerability Classifications
6. Browser Exploitation Methodology
7. Exploitation Primitives and Techniques
8. JavaScript Engine Exploitation
9. DOM and Rendering Engine Exploitation
10. Browser Hardening and Mitigations
11. Vulnerability Research Methods
12. Browser Extensions and Plugin Security
13. Emerging Attack Surfaces
14. Security Analysis Tools
Browser Security Models
Same-Origin Policy
Origin Definition Components
Protocol Scheme
Domain Name
Port Number
SOP Enforcement Areas
DOM Access Control
Cookie Isolation
Network Request Restrictions
Storage Partitioning
Cross-Origin Communication
Cross-Origin Resource Sharing
Simple Requests
Preflight Requests
Credential Handling
PostMessage API
Message Passing Security
Origin Verification
Document Domain Relaxation
Subdomain Communication
Security Implications
JSONP Technique
Implementation Method
Security Vulnerabilities
Browser Sandboxing
Sandboxing Principles
Process Isolation
Privilege Separation
Resource Access Control
Chromium Sandbox Architecture
Broker Process Model
Target Process Restrictions
Security Token Management
Firefox Sandbox Implementation
Content Process Isolation
Security Level Configuration
IPC Security
Sandbox Escape Techniques
Kernel Exploitation
IPC Abuse
Privilege Escalation
Content Security Policy
CSP Directive Types
Source Directives
Navigation Directives
Reporting Directives
CSP Implementation
Header-Based Deployment
Meta Tag Implementation
Violation Reporting
CSP Bypass Techniques
Policy Misconfiguration
Script Gadget Abuse
JSONP Injection
Security Headers
HTTP Strict Transport Security
HSTS Directive Options
Preload List Mechanism
Subdomain Inclusion
Content Type Options
MIME Sniffing Prevention
Security Implications
Frame Options
Clickjacking Protection
Frame Embedding Control
Referrer Policy
Referrer Information Control
Privacy Implications
Cross-Origin Policies
Cross-Origin-Opener-Policy
Cross-Origin-Embedder-Policy
Cross-Origin-Resource-Policy