Browser security handbook

Sunday 25 January 2009

Michal Zalewski is maintaining an incredible document, the Browser Security Handbook. It catalogs and describes all the browser behaviors related to security concerns in web applications. Everything is covered in astounding detail, with tables of browser behaviors, descriptions of the issues involved, links to vendor-specific information, code for test cases, etc. It isn’t very long, but it’s got the highest signal-to-noise ratio of anything covering these issues.

It’s a fascinating read on a number of levels. First, as a web application developer, you need to understand the wide variety of possible threats. Second, as a software developer, it’s interesting to see the differences in implementation at the far edges of a spec. Remarkable through and through.

Comments

Ned Batchelder 3:59 PM on 25 Jan 2009

On a related note, this just crossed my desk: XSS Prevention Cheat Sheet: 6 succinct rules for preventing XSS attacks.
