Inject Permissions Policy

Any modern web application can request access to device features - your camera, microphone, or GPS, to name a few. Device integration makes the web more interactive. However, there are scenarios in which device access poses risks. For instance, for children that make first steps on the web. Webfuse is a powerful browser-as-a-platform that lets you shape the web according to your needs. Besides blocking inappropriate sites, Webfuse enables blocking of device features.

Users Are Exposed to Invasive Permissions-Especially on Third-Party Apps

• Shady websites might abuse granted device access
• Most users click “Allow” without understanding the risk
• Security teams can’t control permission behavior on apps they don’t own
• Websites might find ways to silently access hardware
• Enforcing device access policies is not trivial
• Existing solutions require complex reverse proxies or browser extensions‍

Webfuse puts the control back in your hands-at the session layer.

How Webfuse solves this - Declare Security on Platform Level

In contrast to traditional systems, implementation of security measures with Webfuse is straightforward:

Dynamic Policy Injection-Applied in Real Time
Webfuse Spaces allow you to intercept and rewrite every response from a target web app. With the Custom Headers App, you can:

• Create a Webfuse space - your configuration of the web
• Route all your traffic through a Webfuse session in this space
• Install Webfuse's Headers App
• Add the experimental (soon to be baseline) Permissions Policy response header to tell browsers which apps to grant, or deny device feature access.
• You might want your trusted meeting app only to access camera and microphone, for example.
• Combine with Lockdown App for advanced protection against XSS, iframe abuse, and resource leakage
• Modify headers without altering the original app or server
• The rule applies to all sessions within the space
  

Key benefits

• Deny Device Access with fIne-grained Rules: You configure Webfuse which apps to provision device access, including types of devices‍
  
  • Block Camera, Mic, and Geolocation Access
  • Apply browser-native permission restrictions to all sites/apps visited‍
• ‍No Server-Side Integration Needed: Webfuse is a platform-based browser that can be used right away, in any browser or embedded into another app‍
• Evolved Security: Permissions policy is just one aspect of strong security measures. Webfuse supports many more security features‍‍
  
  • Combine with CSP, Lockdown, and Session Monitoring for layered defence

Who could benefit from this added security?

• Educational Institutions, such as schools, that need to protect minors from abuse, e.g. hidden video recording
• Highly-regulated Institutions, such as banks, that need to adhere to strict security compliance policies
• Kiosk Providers, that want to have an extra layer on security for when users break out of the sandbox

Get Started Now

Check out our demo space to see a basic example. Launch a secure session with device access restrictions in minutes. A template SPACE with the proper headers and Custom Headers App will be preinstalled-ready to lock down any target web app. Try to access your webcam from anywhere in the web. Sign up for a trial and build your own space with custom policies.