Google Browser Security Handbook
Browser Security Handbook

* Written and maintained by Michal Zalewski <lcamtuf@google.com>.
* Copyright 2008, 2009 Google Inc, rights reserved.
* Released under terms and conditions of the CC-3.0-BY license.

Table of Contents

* Introduction
* Disclaimers and typographical conventions
* Acknowledgments

* Part 1: Basic concepts behind web browsers
* Part 2: Standard browser security features
* Part 3: Experimental and legacy security mechanisms

Introduction

Hello, and welcome to the Browser Security Handbook!

This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.
