
Five tips for testing Web browser security

Drive-by downloads have made Web browsers the malware-delivery vehicle of choice. Here are five test sites that will help keep malware in check.

Like any other piece of software, Web browser code can and does contain vulnerabilities. Cybercriminals like vulnerabilities. They're the soft underbelly of any application.

I know five Web sites that are committed to keeping browsers free of vulnerabilities. These Web sites evaluate browsers for weaknesses and determine how freely private information is to be had. On top of that, all but one offer advice on how to make the tested Web browser secure.

Why five, you may ask. Well, I agree there is some overlap. But I found that each site manages to give a slightly different picture. I'll introduce them and let you pick your favorite(s).

1: Browserscope

When arriving at the Browserscope Web site, the first thing you see is test results comparing many aspects of the major Web browsers. Since this post is about Web-browser security, I'd like to focus on the Security tab. As can be expected, there are many tests in just that tab. This link explains their inner workings.

The site also allows you to check out your active Web browser. Browserscope then adds it to the list, as shown in Figure A.

Figure A

2: BrowserSPY.dk

Last year, I wrote an article about Panopticlick. Afterward, I came across a similar Web site called BrowserSPY.dk (Figure B). It performs the same checks, plus an additional 64 tests. Sadly, BrowserSPY does not offer fixes. But it does a credible job of explaining how much information is free for the taking when visiting a Web site.

Figure B

3: PC Flank

The PC Flank Web site incorporates several tests that look at overall computer security as viewed from the Internet. The checks include Stealth Test, Advanced Port Scanner Test, Trojans Test, Exploits Test, and Browser Test. Once more, I want to focus on testing the Web browser. PC Flank tries to determine whether the Web browser gives up any personal information, location details, or specifics about your ISP.

The results in Figure C show what's going on with my Web browser. Cookies are allowed to be saved and referrer information is available to the Web sites I visit.

Figure C
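
Cookies and referrer information reach a site as request headers, so the same kind of check can be run on any request a browser sends. The sketch below is an added example, not code from PC Flank or from this article; it audits a constructed HTTP request for the cookies, referrer detail, and other identifying headers it discloses. The hosts, header values, and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample request (not captured traffic); hosts and values are made up.
SAMPLE_REQUEST = (
    "GET /browser-test HTTP/1.1\r\n"
    "Host: test.example\r\n"
    "User-Agent: ExampleBrowser/1.0 (X11; Linux x86_64)\r\n"
    "Accept-Language: en-US,en;q=0.8\r\n"
    "referer: https://mail.example/inbox?folder=payroll&msg=42\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return headers as a dict keyed by lower-cased name (names are case-insensitive)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:                                   # ignore malformed lines
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_request(raw):
    """List what this request tells the receiving site about the visitor."""
    h = parse_headers(raw)
    report = {"cookies_sent": [], "referrer": None, "passive_identifiers": []}
    for pair in h.get("cookie", "").split(";"):
        name = pair.split("=", 1)[0].strip()
        if name:
            report["cookies_sent"].append(name)   # names only, never log values
    ref = h.get("referer")
    if ref:
        url = urlsplit(ref)
        report["referrer"] = {
            "origin": f"{url.scheme}://{url.netloc}",
            "cross_site": url.netloc.lower() != h.get("host", "").lower(),
            # A path or query string reveals the exact page, not just the site.
            "leaks_path": url.path not in ("", "/"),
            "leaks_query": bool(url.query),
        }
    for name in ("user-agent", "accept-language"):
        if name in h:
            report["passive_identifiers"].append(name)
    return report

if __name__ == "__main__":
    print(audit_request(SAMPLE_REQUEST))
```

A cross-site referrer that carries a path or query string is the finding to act on first, since it tells the destination site exactly which page the visitor came from.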

4: Qualys BrowserCheck

If you don't mind, Qualys BrowserCheck needs to install a plug-in. That's how it looks for weaknesses in the Web browser, associated extensions, and ancillary applications. Checking aftermarket add-ons may seem like overkill, but it's not. Attackers are finding vulnerable TPV code an easy way to gain access. In Figure D, you can see that I need to get busy and fix a few things.

Figure D

5: Scanit Browser Security Check

As a company, Scanit does all sorts of security testing, from penetration tests to making sure Web applications are secure. It also offers an online Web browser security test that looks for 19 vulnerabilities.

It seems the company is serious, as relayed by the warning "Careful! This test will try to crash your browser!" Can't scare me; I have image ISOs. So I bravely proceeded. Fortunately, my Web browser survived (Figure E).

Figure E

Final thoughts

Nowadays, we have to be careful about who and what we trust. With that in mind, I wanted to get expert opinion on what Web browser tests can be trusted. These five surfaced as the best picks. If you have another favorite, I'd sure like to know about it.

