topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday October 13, 2024, 5:30 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Browser security handbook now available for web developers  (Read 6650 times)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,858
    • View Profile
    • Donate to Member
Browser security handbook now available for web developers
« on: December 13, 2008, 11:03 AM »
This spotted via the Heise Security RSS feed:

http://www.heise-onl...ok--/features/112243

Worth Reading
The Browser Security Handbook


The Browser Security Handbook (BSH) is a reference for developers and security experts that covers the security features and mechanisms available in different browsers. The BSH currently covers Internet Explorer 6 and 8, Firefox 2 and 3, Safari, Opera, Chrome and the Android embedded browser.

It's in three sections, the first looks at the basic concepts involved, from URLs and Unicode, to HTML and JavaScript, then it moves on to the security features that browsers implement to prevent abuse or manipulation. This include detailed explanations how Same Origin policies are applied to cookies, Flash, XMLHttpRequests and Java, and how it affects developers. The final section looks at legacy and experimental security mechanisms.

from the handbook Introduction page: http://code.google.c...ki/Main#Introduction

Introduction

Hello, and welcome to the Browser Security Handbook!

This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.



mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Browser security handbook now available for web developers
« Reply #1 on: December 19, 2008, 10:56 AM »
Didn't see this when it was first posted -- nice find  :up:

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Browser security handbook now available for web developers
« Reply #2 on: December 20, 2008, 05:08 AM »
Ah, it's by Michal Zalewski!
« Last Edit: December 20, 2008, 05:13 AM by ewemoa »

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Browser security handbook now available for web developers
« Reply #3 on: December 20, 2008, 06:08 AM »
The BSH currently covers Internet Explorer 6 and 8

I took a brief look at the BSH -- who is going to understand all of that ;) -- and the impression I got was that for IE it covers 6 and 7 (and presumably after 8 is released it will cover that).