
    The point at the end really sums it up. The most vulnerable part of many web apps is the browser. It’s like a ready-to-go exploit framework. For every mitigation they reluctantly add, they also add a new exploit path (see previous post about OCR reading an iframe!).

    I mean, when I ssh to another machine I don’t worry that I’ll unwittingly connect to a third machine as well. When I send an email, I don’t worry that the server will trick me into sending a dozen more unintended emails. So why is it acceptable that the only way to safely browse the web is to either log out of every high-value site or use an entirely separate browser?

    As a developer, I find this situation annoying as hell. Most kinds of server software can be developed with security measures derived from first principles. Validate input, confirm user identity, etc. But none of that will prepare you for CSRF, which on the server side looks legit, because the browser itself is conspiring against you.
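The commenter's point that a CSRF request "looks legit" on the server side is easy to demonstrate. The following is an added example, not code from the thread or from any project it discusses: a framework-free Python sketch of a state-changing handler with the naive "is the session cookie valid?" check next to a hardened check that also verifies the browser-supplied `Origin`/`Sec-Fetch-Site` headers and a per-session synchronizer token. `SITE_ORIGIN`, `SESSIONS`, the `Request` dataclass and the two constructed requests (one genuine, one forged from an attacker page) are all hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical site and constructed in-memory session store (not a real app).
SITE_ORIGIN = "https://bank.example"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SESSIONS: dict[str, dict] = {}


def new_session(user: str) -> tuple[str, dict]:
    """Create a session; the CSRF token is minted with it and is only ever
    embedded in the site's own HTML, never sent as a cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid, SESSIONS[sid]


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the server sees it."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def naive_authorized(req: Request) -> bool:
    """'Before': trust any request carrying a valid session cookie.
    The browser attaches that cookie to a cross-site form POST as well,
    so a forged request is indistinguishable from a real one here."""
    return req.cookies.get("sid") in SESSIONS


def hardened_authorized(req: Request) -> bool:
    """'After': same session check plus two independent CSRF defences."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return False
    if req.method.upper() in SAFE_METHODS:
        return True  # safe methods must not change state; nothing to protect

    # Defence 1: Origin / Sec-Fetch-Site are set by the browser itself and
    # cannot be overridden by script on the attacker's page.
    origin = req.headers.get("Origin")
    fetch_site = req.headers.get("Sec-Fetch-Site")
    if origin is not None:
        if origin != SITE_ORIGIN:
            return False
    elif fetch_site is not None:
        if fetch_site not in ("same-origin", "none"):
            return False
    else:
        return False  # neither header present: fail closed

    # Defence 2: synchronizer token. A cross-site page cannot read the
    # victim's HTML, so it cannot learn the token; compare in constant time.
    supplied = req.form.get("csrf_token", "")
    return hmac.compare_digest(supplied, sess["csrf"])


def demo() -> dict:
    """Run both checks against a genuine request and a forged one."""
    sid, sess = new_session("alice")
    genuine = Request(
        "POST",
        {"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"},
        {"sid": sid},
        {"to": "bob", "amount": "10", "csrf_token": sess["csrf"]},
    )
    # Auto-submitted <form> on https://attacker.example: the browser still
    # sends alice's cookie, but it also truthfully reports where the POST came from.
    forged = Request(
        "POST",
        {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
        {"sid": sid},
        {"to": "mallory", "amount": "1000"},
    )
    # Right origin but guessed token: still rejected.
    bad_token = Request(
        "POST",
        {"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"},
        {"sid": sid},
        {"to": "mallory", "amount": "1000", "csrf_token": "guess"},
    )
    return {
        "naive_genuine": naive_authorized(genuine),
        "naive_forged": naive_authorized(forged),
        "hardened_genuine": hardened_authorized(genuine),
        "hardened_forged": hardened_authorized(forged),
        "hardened_bad_token": hardened_authorized(bad_token),
    }


if __name__ == "__main__":
    print(demo())
```

The forged request passes the naive check precisely because everything the server looked at (the cookie) was supplied by the victim's browser, which is the commenter's complaint. The two defences are deliberately independent: the header check stops the forgery even if a token leaks, and the token stops it even on clients or proxies that strip `Origin`. Setting the session cookie with `SameSite=Lax` or `Strict` is a third, complementary layer that this sketch does not model.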