Full Disclosure mailing list archives

Re: Browser Security Handbook


From: "de gracia carron, jose angel (ext)" <degracia.carron.joseangel () servexternos repsol com>
Date: Thu, 11 Dec 2008 16:51:14 +0100

That's right....
Google has published a Browser Security Handbook, accessible to the general public, in the hope of helping to 
make the Web a safer place.

The handbook consists of about 60 pages, in which we can find a broad set of security features and 
commonly used browser features, along with useful comments and suggestions for developers of 
applications that need to rely on these mechanisms, as well as for engineering teams working on the future of the 
browser with a view to improving security.

http://vulnerabilityteam.wordpress.com/2008/12/11/google-publica-un-manual-de-seguridad-para-navegadores-browsers/

-----Original Message-----
From: Michal Zalewski [mailto:lcamtuf () dione cc]
Sent: Thursday, December 11, 2008 0:05
To: bugtraq () securityfocus com; full-disclosure () lists grok org uk
Subject: Browser Security Handbook

Hi all,

I am happy to announce the availability of our "Browser Security Handbook"
- a comprehensive, 60-page document meant to provide web application
developers and information security researchers with a one-stop reference
to several hundred key security properties and sometimes counterintuitive
quirks in contemporary web browsers:

   http://code.google.com/p/browsersec/wiki/Main

Having a clear picture of these characteristics appears to be of
significance to building secure web applications, and to auditing existing
designs for potential weaknesses. For this reason, I am hoping that the
document is a valuable contribution to the information security community.

BSH currently covers recent releases of Microsoft Internet Explorer
(versions 6 and 7), Mozilla Firefox (versions 2 and 3), Apple Safari,
Opera, Google Chrome, Android embedded browser, and a handful of browser
plugins.

Please note that due to the sheer number of characteristics covered, I
fully expect some kinks to show up here and there; feedback from vendors
and security researchers is greatly appreciated.

Cheers,
/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

