Application Sandboxes: A pen-tester’s perspective

Bromium Labs

I’m excited to announce a new research report from Bromium Labs, written by myself and Rafal Wojtczuk. It ended up being far more comprehensive than we initially thought, so we decided to call it “Application Sandboxes: A Pen Tester’s Perspective”. In this report we perform security evaluation of publicly available application sandboxes viz: Google Chrome, Adobe Reader, Sandboxie, BufferZone Pro and Dell Protected Workspace.

The report is available here.

To create some context, we are all aware of the deficiencies of traditional endpoint security technologies. There are a lot of vendors coming up with ideas and solutions to combat the malware challenge. What is the core issue? It’s simple – the attack surface, which is predominantly the Operating System (and installed apps) for any user. In this paper, we evaluate one of the the newer approaches – sandboxing and verify how well it stands up against real world threats.

The report…

View original post 160 more words

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s