All significant modern applications are ported to the web. Even with custom applications, there is at least one web-based component. Web applications are partially dependent on web clients, which are continuously part of the security equation. These issues manifest in ways that make the user vulnerable. For example, privacy vulnerabilities are demonstrated by the EFF's Panopticlick browser fingerprinting project. Whether the weakness is privacy exposure, a client exploit, or a server exploit, an empowered browser can provide a reasonable defense.
This presentation will review three typical vulnerability classes and selected defenses: Privacy, Client-Side, and Server-Side. The goal of this new tool is to shorten the vulnerability window to six days. The finale of the talk will demonstrate how to poison your browser's DOM for anonymity.