Trends Report

Man-In-The-Browser: Emerging Attacks Exploit Browser Vulnerabilities

April 17th, 2007
Chenxi Wang, null
Chenxi Wang
With contributors:
Laura Koetzle , Khalid Kark , Sarah Bernhardt

Summary

A new form of man-in-the-middle attack, called "man-in-the-browser," has surfaced. These attacks can bypass current browser security mechanisms to read, insert, and modify transaction data. Although actual attacks are rare, the technology for launching this type of attack is readily available. Firms that conduct high-value financial transactions over the Web are particularly at risk. So, what should enterprises do to protect themselves against this new threat? While client security products are not yet equipped to handle this new breed of attack, a number of short-term solutions exist to offer temporary protection. A longer-term solution lies in transaction verification. Organizations that do business online should re-evaluate their solution road maps and incorporate transaction verification as a core component of their overall security strategy.

Want to read the full report?

Contact us to become a client

This report is available for individual purchase ($1495).

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.