By Open Web Developer News Desk | Article Rating: |
|
January 2, 2009 05:45 AM EST | Reads: |
23,308 |
Google recently released its Browser Security Handbook to the general public. The 60-page document provides a comprehensive comparison of a broad set of security features and characteristics in commonly used browsers, along with commentary and implementation tips for application developers who need to rely on these mechanisms, as well as engineering teams working on future browser-side security enhancements.
The Browser Security Handbook, Google hopes, will help make the Web a safer place.alewski, of the company's Security team, comments:
"Many people view the task of writing secure web applications as a very complex challenge - in part because of the inherent shortcomings of technologies such as HTTP, HTML, or Javascript, and in part because of the subtle differences and unexpected interactions between various browser security mechanisms.
Through the years, we found that having a full understanding of browser-specific quirks is critical to making sound security design decisions in modern Web 2.0 applications. For example, the same user-supplied link may appear to one browser as a harmless relative address, while another could interpret it as a potentially malicious Javascript payload. In another case, an application may rely on a particular HTTP request that is impossible to spoof from within the browser in order to defend the security of its users. However, an attacker might easily subvert the safeguard by crafting the same request from within commonly installed browser extensions. If not accounted for, these differences can lead to trouble."
Published January 2, 2009 Reads 23,308
Copyright © 2009 Ulitzer, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
Related Stories
More Stories By Open Web Developer News Desk
SYS-CON's Open Web News Desk tracks the constant stream of compelling technology and Open APIs being released by or catalyzed by Google and its allies.
- The i-Technology Right Stuff
- The Top 150 Players in Cloud Computing
- The Top 250 Players in the Cloud Computing Ecosystem
- "Virtualization Is Now a Key Strategic Theme," Says Citrix CTO
- Cloud People: A Who's Who of Cloud Computing
- As IBM Jumps On Board, There's Just No Stopping AJAX Now
- Cloud Computing Expo 2009 West: Call for Papers Now Closed
- Cloud Expo New York Call for Papers Now Open
- Cloud Expo Europe 2009 in Prague: Themes & Topics
- Bill Scott: Real-World AJAX Was a Blast