Scribd Logo
Upload

Welcome to Scribd!

  • Browsersecrets

    Uploaded by

    milton_diaz5278
    6 views1 page
    Docuemto en ingles tipo infografia que muestra ciertas caracteristicas de funcionamiento de los actuales browsers, de mucha ayuda para entender el funcionamiento de los browsers.

    Original Title

    browsersecrets

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Docuemto en ingles tipo infografia que muestra ciertas caracteristicas de funcionamiento de los actuales browsers, de mucha ayuda para entender el funcionamiento de los browsers.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    6 views1 page

    Browsersecrets

    Uploaded by

    milton_diaz5278
    Docuemto en ingles tipo infografia que muestra ciertas caracteristicas de funcionamiento de los actuales browsers, de mucha ayuda para entender el funcionamiento de los browsers.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    Security Cheat Sheet

    Version 2020.001

    Secure data storage in the browser


    Secure data storage in a browser is quite a challenge. This cheat sheet explores the security properties of data storage mecha-
    nisms in the browser. It offers origin-based isolation as an alternative over the use of localStorage or sessionStorage. The cheat
    sheet also covers how to encrypt data for online or offline use. Also check out the code examples and live demo.

    Storing data in LocalStorage Storing data in SessionStorage


    LocalStorage is the most widely used browser storage SessionStorage is part of the same API as localStorage
    mechanism. It offers key/value-based storage. By design, and also offers key/value-based storage. SessionStorage is
    localStorage is accessible to the entire origin. associated with an origin and a set of browsing contexts.

    v
    A B

    LOCAL SESSION SESSION


    STORAGE STORAGE STORAGE

    A
    B

    localStorage offers easily accessible long-term storage sessionStorage offers easily accessible short-term storage
    All script code running within the origin can access the data Data access is limited to code running in related contexts
    Legitimate code has no exclusive control over the data Legitimate code has no exclusive control over the data
    Data is stored in plaintext on the file system Data is stored in plaintext on the file system

    Origin-isolated data storage Encrypted data storage


    The origin-isolated storage pattern offers a way to keep The WebCrypto API allows clients to encrypt and decrypt
    data out of reach of malicious code. The attack surface is data before storing it. Doing so is the only way to prevent
    reduced from raw data access to abuse of an exposed API. data theft through the device’s file system.

    Encrypted data with online acces

    LOCAL
    STORAGE
    BACKEND

    Data is stored encrypted on the file system


    The key is retrieved from a server-provided endpoint

    Encrypted data with offline acces


    Request password

    Origin-based isolation is suited for storing sensitive data USER


    *******
    The API can enforce origin-based access control
    The absence of third-party code ensures full control Data is stored encrypted on the file system
    Data is stored in plaintext on the file system The key is derived from a user-provided password

    Code and live demo available at https://browsersecrets.restograde.com/

    Is OAuth 2.0 and OpenID Connect causing you frustration?


    Your shortcut to understanding OAuth 2.0 and OIDC is right here
    Best practices
    https://courses.pragmaticwebsecurity.com for SPAs and APIs

    You might also like