LWN.net

Google's Browser Security Handbook

Google has posted a Browser Security Handbook, written by Michal Zalewski. "This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities." It is thick and detailed enough to make it clear that no web application developer can ever hope to understand all of the relevant details.

Google's Browser Security Handbook

Posted Dec 18, 2008 1:57 UTC (Thu) by leonov (subscriber, #6295)

This is a great resource from Google, but I disagree with the editorial comment: No web application developer worth his salt should even be working without understanding all of the relevant details...

C'mon, we're geeks! We inhale textbooks for breakfast! ;-)

Google's Browser Security Handbook

Posted Dec 18, 2008 22:01 UTC (Thu) by dps (subscriber, #5725)

IMHO understanding all the relevant details is impossible because they are not documented anywhere. A vulnerability vs. browser and version matrix would be huge and probably almost impossible to use.

I think that a web application should expect the web browser to be seriously lacking in as many aspects as possible. The server-side support should be designed to contain the damage a misbehaved client can inflict. A web application merely has to be sufficiently difficult for crackers to target something else instead.

Google's Browser Security Handbook

Posted Dec 18, 2008 23:11 UTC (Thu) by dlang (subscriber, #313)

You also need to remember that you don't know what is really running and claiming to be the browser. Anything you expose to the browser you expose to people running arbitrary tools that could be trying to crack your system.
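The two comments above make one design point between them: the server must contain whatever a misbehaving client sends, because the thing calling itself a browser may be curl, a proxy or a script that never ran the page's JavaScript. The following is an added example, not code from LWN, from the Browser Security Handbook or from any commenter; the catalog, the form fields, the handler names and the constructed requests are all hypothetical. It contrasts a checkout handler that trusts client-side validation, a hidden price field and the User-Agent header with one that re-derives every value on the server and fails closed.

```python
"""Server-side containment of a misbehaving client (hypothetical example).

Scenario: a checkout page ships JavaScript that limits quantity to 1..10
and carries the unit price in a hidden form field. A client that is not
really a browser can send any fields with any User-Agent, so the server
must redo every check itself and never take price or validation state
from the client.
"""

from decimal import Decimal

# Hypothetical catalog: the only authoritative source of prices.
CATALOG = {"sku-1001": Decimal("19.99"), "sku-2002": Decimal("249.00")}

MAX_QTY = 10
ALLOWED_FIELDS = {"sku", "qty"}


def naive_checkout(form, headers):
    """Trusts the client: price from a hidden field, range check assumed
    to have happened in browser JS, 'real browser' inferred from the UA."""
    if "Mozilla" not in headers.get("User-Agent", ""):
        raise ValueError("not a browser")          # trivially forged
    qty = int(form["qty"])                         # JS 'guaranteed' 1..10
    price = Decimal(form["price"])                 # client-chosen price
    return {"sku": form["sku"], "qty": qty, "total": qty * price}


def hardened_checkout(form, headers):
    """Re-derives everything server side; headers are not a trust signal."""
    # Unknown fields (e.g. a smuggled 'price') are rejected, not ignored.
    extra = set(form) - ALLOWED_FIELDS
    if extra:
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    # Strict parse: '5' is fine; ' 5', '5.0', '-1', '1e3' and non-ASCII
    # digits (which str.isdigit() accepts) are all refused.
    raw_qty = form.get("qty", "")
    if not (raw_qty.isascii() and raw_qty.isdigit()):
        raise ValueError("qty must be a positive integer")
    qty = int(raw_qty)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError(f"qty out of range 1..{MAX_QTY}")
    # Price comes from the catalog only.
    return {"sku": sku, "qty": qty, "total": qty * CATALOG[sku]}


def try_handler(handler, form, headers):
    """Run a handler; return the order dict or a 'rejected: ...' string."""
    try:
        return handler(form, headers)
    except (ValueError, KeyError) as exc:
        return f"rejected: {exc}"


# Constructed request: what a real browser running the page's JS sends
# to the naive handler (hidden price field included).
HONEST_FORM = {"sku": "sku-1001", "qty": "2", "price": "19.99"}
# Constructed request: a script that never ran the JS, spoofing the UA.
FORGED_FORM = {"sku": "sku-2002", "qty": "500", "price": "0.01"}
SPOOFED_HEADERS = {"User-Agent": "Mozilla/5.0 (definitely a browser)"}
# The hardened page no longer ships a price field at all.
HONEST_FORM_V2 = {"sku": "sku-1001", "qty": "2"}


if __name__ == "__main__":
    print("naive, forged:   ", try_handler(naive_checkout, FORGED_FORM, SPOOFED_HEADERS))
    print("hardened, forged:", try_handler(hardened_checkout, FORGED_FORM, SPOOFED_HEADERS))
    print("hardened, honest:", try_handler(hardened_checkout, HONEST_FORM_V2, {}))
    print("hardened, qty=500:", try_handler(hardened_checkout, {"sku": "sku-2002", "qty": "500"}, {}))
```

The naive handler sells 500 units of the 249.00 item for a total of 5.00 to anyone who sets a Mozilla User-Agent, while the hardened handler rejects the smuggled field, the out-of-range quantity and every malformed quantity string regardless of what the client claims to be. The point is the one dps and dlang make: the browser-side checks are a usability feature, and the server is the only place where a check actually holds.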

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds