CTO Journal

Google recently released its Browser Security Handbook to the general public. The 60-page document provides a comprehensive comparison of a broad set of security features and characteristics in commonly used browsers, along with commentary and implementation tips for application developers who need to rely on these mechanisms, as well as engineering teams working on future browser-side security enhancements.

The Browser Security Handbook, Google hopes, will help make the Web a safer place.alewski, of the company's Security team, comments:

"Many people view the task of writing secure web applications as a very complex challenge - in part because of the inherent shortcomings of technologies such as HTTP, HTML, or Javascript, and in part because of the subtle differences and unexpected interactions between various browser security mechanisms.

Through the years, we found that having a full understanding of browser-specific quirks is critical to making sound security design decisions in modern Web 2.0 applications. For example, the same user-supplied link may appear to one browser as a harmless relative address, while another could interpret it as a potentially malicious Javascript payload. In another case, an application may rely on a particular HTTP request that is impossible to spoof from within the browser in order to defend the security of its users. However, an attacker might easily subvert the safeguard by crafting the same request from within commonly installed browser extensions. If not accounted for, these differences can lead to trouble."

Related Stories

• Google Web Toolkit: Finally Java Has Been Put into JavaScript!
• JSON Creator Douglas Crawford Reveals the Brilliance Within JavaScript at AJAXWorld
• i-Technology Viewpoint: Death to the Browser
• Google Chrome - Browser War III
• Opera V8 Beta Browser, Like Firefox 1.0.1, Tackles Phishing and Spoofing