Mozilla is developing a system that will notify users of its Web applications when those applications are being attacked. The system will use a blacklist to identify unusual user actions that are caused by attacks against the application, says Mozilla's Michael Coates.
The system also will look for activity taking place within the application, Coates says. After the attack has been detected, the system will take steps to prevent the threat from doing any damage to the user's computer. However, the system is not designed to replace any of Mozilla's existing security initiatives, including its threat modeling, security training, and secure development programs, Coates notes.
"The idea behind an 'attack aware' application is that the application is able to identify abnormal user actions that are not due to user errors, such as typos, and are instead the result of deliberate attacks against the application," he says. "The goal is to detect a malicious user probing for application weaknesses and disable their ability to cause damage to the system."
From Dark Reading
View Full Article
No entries found