W3C Prepares Guidance For Web Development In A Post-Spectre World – Phoronix

An editor’s draft for post-Spectre web development guidance was made available by the W3C.

The W3C is preparing guidelines to help web developers better ensure their code is safe from potential exploitation of Spectre security vulnerabilities. Spectre has been public since January 2018, and concerns around JIT’ed JavaScript have been known. Recently made public, though, was the first “fully weaponized” exploit for Spectre beyond the early proof-of-concept code.

The editor’s draft of “Post-Spectre Web Development” outlines recommendations for the handling of requests, restricting any attacker’s ability to load data as a document or sub-resource, preventing MIME-type confusion attacks, and restricting any attacker’s ability to obtain a handle to the window.

Post-Spectre, we need to adopt some new strategies for safe and secure web development. This document outlines a threat model we can share, and a set of mitigation recommendations.

TL;DR: Your data must not unexpectedly enter an attacker’s process.

The current draft can be found at w3c.github.io.
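
The four areas the draft outlines map onto standard web platform request and response headers. The following is an added example, not code from the article or the W3C draft: the function names and the specific policy choices (allowing same-site requests, rejecting cross-site framing) are assumptions, and `headers` is assumed to be a plain object with lower-cased names, as in Node's `req.headers`.

```javascript
// Added example: illustrative policy, not taken from the article or the draft.

// Response headers covering the isolation areas listed above.
function isolationHeaders() {
  return {
    // Restrict other origins from loading this response as a sub-resource.
    'Cross-Origin-Resource-Policy': 'same-origin',
    // Restrict other sites from loading this response as a framed document.
    'Content-Security-Policy': "frame-ancestors 'self'",
    'X-Frame-Options': 'SAMEORIGIN',
    // Prevent MIME-type confusion: the browser must honor Content-Type.
    'X-Content-Type-Options': 'nosniff',
    // Deny cross-origin openers a handle to this window.
    'Cross-Origin-Opener-Policy': 'same-origin',
  };
}

// Request handling: decide from Fetch Metadata whether to serve data at all.
function allowRequest(method, headers) {
  const site = headers['sec-fetch-site'];
  // No Fetch Metadata (older browser, non-browser client): fall back to
  // the response headers above rather than blocking.
  if (site === undefined) return true;
  // 'none' means a user-initiated load (typed URL, bookmark).
  if (site === 'same-origin' || site === 'same-site' || site === 'none') {
    return true;
  }
  // Cross-site: allow only top-level navigations with a safe method,
  // never sub-resource fetches or embeds.
  const safeMethod = method === 'GET' || method === 'HEAD';
  const navigation = headers['sec-fetch-mode'] === 'navigate';
  const embedded = ['iframe', 'frame', 'object', 'embed']
    .includes(headers['sec-fetch-dest']);
  return safeMethod && navigation && !embedded;
}

// Combine both: a rejected request gets 403 and no body; every response
// carries the isolation headers.
function respond(method, headers) {
  const allowed = allowRequest(method, headers);
  return { status: allowed ? 200 : 403, headers: isolationHeaders() };
}
```

A cross-site `<img>` or `fetch()` aimed at an authenticated endpoint is rejected before any data is written, while a user following a link from another site still reaches the page.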

