Building and Breaking the Browser presented at BlackHatDC 2007

by Window Snyder, Mike Shaver

URL : https://www.blackhat.com/presentations/bh-usa-07/Snyder_and_Shaver/Presentation/bh-usa-07-snyder_and_shaver.pdf

Summary : Traditional software vendors have little interest in sharing the gory details of what is required to secure a large software project. Talking about security only draws a spotlight to what is generally considered a weakness. Mozilla is using openness and transparency to better secure its products and help other software projects do the same.
Mozilla has built and collaborated on tools to secure the Firefox Web browser and Thunderbird e-mail client, the first of which will be released at BlackHat Las Vegas 2007. These tools include protocol fuzzers for HTTP and FTP and a fuzzer for JavaScript, which together have led to the discovery and resolution of dozens of critical security bugs. These tools may be useful to anyone developing or testing applications that implement or depend on these technologies.
Window Snyder and Mike Shaver will introduce these tools at BlackHat Las Vegas 2007 and discuss methods used to identify vulnerabilities in Firefox, plans for expanding the scope of Mozilla's work on Web security, and how Mozilla's security community uses openness and transparency to protect 100 million users around the world. Learn how to apply Mozilla's tools and techniques to secure your own software, and get an early look at new security features for Firefox 3.
Window Snyder is the Director of Ecosystem Development at Mozilla Corporation.
Prior to joining Mozilla, Ms. Snyder was a principal, founder, and core team member at Matasano, a security services and product company based in New York City, and a senior security strategist at Microsoft in the Security Engineering and Communications organization. At Microsoft she managed the relationships between security consulting companies and the Microsoft product teams, as well as the outreach strategy for security vendors and security researchers. Previously she was responsible for security sign-off for Windows XP SP2 and Windows Server 2003.