Browser Security Handbook

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Browser Security Handbook
From: Michal Zalewski <lcamtuf@xxxxxxxx>
Date: Thu, 11 Dec 2008 00:05:06 +0100 (CET)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi all,

I am happy to announce the availability of our "Browser Security Handbook"- a comprehensive, 60-page document meant to provide web applicationdevelopers and information security researchers with a one-stop referenceto several hundred key security properties and sometimes counterintuitivequirks in contemporary web browsers:


  http://code.google.com/p/browsersec/wiki/Main

Having a clear picture of these characteristics appears to be ofsignificance to building secure web applications, and to auditing existingdesigns for potential weaknesses. For this reason, I am hoping that thedocument is a valuable contribution to the information security community.

BSH currently covers recent releases of Microsoft Internet Explorer(versions 6 and 7), Mozilla Firefox (versions 2 and 3), Apple Safari,Opera, Google Chrome, Android embedded browser, and a handful of browserplugins.

Please note that due to the sheer number of characteristics covered, Ifully expect some kinks to show up here and there; feedback from vendorsand security researchers is greatly appreciated.


Cheers,
/mz

Prev by Date: [ GLSA 200812-11 ] CUPS: Multiple vulnerabilities
Next by Date: AST-2008-012: Remote crash vulnerability in IAX2
Previous by thread: [ GLSA 200812-11 ] CUPS: Multiple vulnerabilities
Next by thread: AST-2008-012: Remote crash vulnerability in IAX2
Index(es):
- Date
- Thread