browsersec


Browser Security Handbook

Browser Security Handbook

Browser Security Handbook is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

The document currently covers several hundred security-relevant characteristics of Microsoft Internet Explorer (versions 6, 7, and 8), Mozilla Firefox (versions 2 and 3), Apple Safari, Opera, Google Chrome, and Android embedded browser.

Open-source test cases provided alongside with this document permit any other browser implementations to be quickly evaluated in a similar manner.

Note that a more complete and up-to-date account of the browser security model, including a detailed coverage of topics such as HTML parsing, JS execution, plugin capabilities, frame navigation policies, or HTML5 security, can be found in "The Tangled Web".

Quick links

Project Information

Labels:
Google security browsers http html javascript