I have a Node REST API. That API is usually called from the SDK, which is used in browsers. For the whole structure to function properly, because the product is heavily reliant on security, it is important that the browsers talking to the API have good CSPRNGs and proper content security policy implementation.

Obviously, the quality of the implementation is only verifiable to a limited extent, but to protect the users who mean no harm, identifying old or dangerous browsers should be easily done using the user agent.

There are a lot of questions about how to detect browsers, which in itself isn't really difficult to do. My question is, however, is there a list of user agents that are insecure or old/outdated/deprecated? A map from user agent strings to vulnerabilities? How would I best go about implementing such a system?

arik

1 Answer

What are the criteria for "insecure"? Each browser has a bunch of vulnerabilities. There is no browser without bugs and security issues, which are continuously being fixed. What about just checking the user agent version and comparing it to the latest? I assume that if it is not the latest, then it is more insecure than the latest. Getting a list of the latest browser versions is a different task. It can be done even by parsing this page: http://browsehappy.com/

Sergey Yarotskiy
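The version comparison suggested in the answer above, sketched for a Node API as an added example (not code from the question or the answer). The minimum versions in `MIN_MAJOR` are constructed placeholders, and the Express-style middleware signature and the `browserStatus` property are assumptions.

```javascript
// CONSTRUCTED placeholder minimums, not real security baselines.
// Populate them from a version list you maintain and refresh regularly.
const MIN_MAJOR = { edge: 100, opera: 90, chrome: 100, firefox: 100, safari: 15 };

// Order matters: Edge and Opera UAs also contain "Chrome/", and Chrome UAs
// also contain "Safari/", so the most specific token is tested first.
const RULES = [
  ['edge', /\bEdg\/(\d+)/],
  ['opera', /\bOPR\/(\d+)/],
  ['chrome', /\bChrome\/(\d+)/],
  ['firefox', /\bFirefox\/(\d+)/],
  ['safari', /\bVersion\/(\d+)[\d.]*.*\bSafari\//],
];

// Extract { name, major } from a User-Agent header, or null if unrecognised.
function parseBrowser(ua) {
  if (typeof ua !== 'string' || ua.length > 512) return null; // bound the regex input
  for (const [name, re] of RULES) {
    const m = re.exec(ua);
    if (m) return { name, major: Number(m[1]) };
  }
  return null;
}

// Returns 'ok', 'outdated' or 'unknown'. The header is client-controlled, so
// the verdict helps cooperative users; it is not an access control.
function classifyUserAgent(ua, minMajor = MIN_MAJOR) {
  const b = parseBrowser(ua);
  if (!b) return 'unknown';
  const min = minMajor[b.name];
  if (min === undefined) return 'unknown';
  return b.major >= min ? 'ok' : 'outdated';
}

// Express-style middleware (assumed framework): reject known-outdated
// browsers, let unknown clients through and record the verdict for logging.
function browserCheck(req, res, next) {
  const verdict = classifyUserAgent(req.headers['user-agent']);
  req.browserStatus = verdict; // hypothetical property for later handlers
  if (verdict === 'outdated') {
    res.statusCode = 403;
    return res.end(JSON.stringify({ error: 'browser_outdated' }));
  }
  next();
}
```

Unknown user agents are passed through rather than rejected, because non-browser clients and new browsers would otherwise be blocked by default.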