| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 26 Jan 2008 00:49:09 +0100 (CET) From: Michal Zalewski <lcamtuf@...ne.cc> To: bugtraq@...urityfocus.com Cc: security@...illa.org, full-disclosure@...ts.grok.org.uk Subject: Tool availability - browser DOM Checker Hi, Along with my colleague Filipe Almeida, I'd like to announce the availability of DOM Checker, an automated tool for validating browser security policy enforcement. The project is hosted at: http://code.google.com/p/dom-checker/ The tool features several fairly neat features, including exhaustive hierarchy crawling and side-channel blind write validation to reduce the number of false positives. DOM Checker had been used to find a number of major security bypass and information disclosure problems in several popular browsers, and we had worked closely with vendors to resolve them (although it's worth noting that the tool still reports anywhere from 10 to 30 low-risk, design-related information disclosure issues in these programs). Our hope is that this tool may serve as a framework for ongoing browser security research, and would be integrated by browser vendors with their regression testing and general release QA processes. Please note that this code is experimental - if you encounter any problems, or simply have an idea on how to make it better, let us know. Cheers, /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists