Google Releases Browser Security Handbook

Ralph DeFrangesco

Google recently released a Browser Security Handbook, a key security reference for browser engineers, developers and security professionals.

 

Michal Zalewski, a developer at Google, states in the handbook's introduction:

"Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities."

The handbook covers the major browsers and versions, including: IE 6 and 7, Firefox 2 and 3, Safari, Opera, Chrome and Android. Google split the handbook into three parts:

 

Part 1: Basic concepts behind Web browsers

 

This first part discusses core concepts such as what a URL is, how to form proper HTML, what the Document Object Model is, how to use cascading style sheets, and browser-side JavaScript.

 


Part 2: Standard browser security features

 

This part concentrates on security features such as how cookies interact with browsers, Flash, Google Gears, cross-site scripting, mashups and content handling.

 

Part 3: Experimental and legacy security measures

 

This final part deals with authentication, password managers, frame restrictions and filtering, security zones and browser engineering issues.

 

It's no wonder hackers target browsers; they are one of the weakest links we humans interact with online. What I found most useful about this handbook is the breakdown of how different each browser is and how security is implemented across each platform. This is a must-have for every security professional.

