Google Publishes Browser Security Handbook
by Peter James
Google has published an on-line Browser Security Handbook, a comprehensive document written for “web application developers, browser engineers, and information security researchers” as a “one-stop reference to key security properties of contemporary web browsers”. The document states that “Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.”
The document currently covers the following browsers: Microsoft Internet Explorer 6 and 7, Mozilla Firefox 2 and 3, Apple Safari, Opera, Google Chrome, and the Android embedded browser. It is likely that it will be kept up to date as browser versions and security issues change.
This is a very dense document, designed for developers and engineers, not for the general public. It goes into great detail on the different ways browsers work with URLs, how they handle different types of HTTP headers, how they handle non-standard HTML, the way they deal with JavaScript and other scripting languages, how they process CSS stylesheets, and more. It then discusses the basic security issues that face web browsers and how they react to different calls and requests.
Browser security is complex and deserves this type of approach, which analyzes problems and compares behavior. This document will be a valuable tool for developers and security researchers alike.