Security Considerations: Writing first round of threats and mitigatio… #277
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ns (Web API level) A first draft of the identified threats and potential mitigations (some already applied), particularly at the Web API level. *Threats* - SOP Violation - Fingerprinting and Cross-Device Tracking - Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) - Clickjacking & UI redressing - Reply Attack - Quishing - Phishing/Harvesting *Mitigations (already implemented or to be considered)* - Data Minimization - Secure contexts - Limit API usage - Informing the user - Transient activation Things to consider: - What else could go wrong (if there are other threats) - What can we do about the threats we have identified - Do we like the countermeasures we already have in place - Are there other mitigations to consider or write down [cc'ing @Sh-Amir and @ZAnsaroudi]
simoneonofri
added
security-tracker
| <h3 id='threats-and-attacks'>Threats and Attacks</h3> | ||
| <h4 id='same-origin-policy-violations'>Same-Origin Policy Violations</h4> | ||
| <p>SOP violation occurs when a script or resource from one origin breaks the browser's foundational Same-Origin | ||
| Policy—intended to segregate data between origins—by accessing or tampering with another origin's data, cookies, |
There was a problem hiding this comment.
Suggested change
| Policy—intended to segregate data between origins—by accessing or tampering with another origin's data, cookies, | |
| Policy, which is intended to segregate data between origins, by accessing or tampering with another origin's data, cookies, |
|
This still feel overly broad and not necessarily related to the API. |
|
|
||
| </ul> | ||
| <h4 id='transient-activation'>Transient activation</h4> | ||
| <p>Transient activation ensures that powerful or sensitive web features can only be triggered immediately following a |
There was a problem hiding this comment.
This redefines "transient activation", which is not appropriate. This should only say, "The API relies on transient activation, preventing websites from calling the API without user interaction."
| data sharing or unintended leaks.</p> | ||
| <p>The API prompts the user to show the request's origin before proceeding.</p> | ||
| <h4 id='permission-request'>Permission request</h4> | ||
| <p>Permission controls require explicit user permission before any API use is allowed. This ensures that users know when |
There was a problem hiding this comment.
This is not true. This should be removed. There is no permission screen.
We rely on Permission Policy only. And only to prevent third-party iframes from calling the API.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…ns (Web API level)
A first draft of the identified threats and potential mitigations (some already applied), particularly at the Web API level.
Threats
Mitigations (already implemented or to be considered)
Things to consider:
[cc'ing @Sh-Amir and @ZAnsaroudi]
Preview | Diff