Google’s Browser Security Handbook is packed full of useful information if you need a low-level look at how a browser might behave within specific use contexts.
Did you ever wonder how browsers work under the hood, how they process information? If you do any kind of security research or technical analysis, the answer is yes. There aren’t many single resources that contain this information for all popular browsers, though. One that stands out is Google’s Browser Security Handbook.
This free handbook covers security challenges for all currently used browsers, as listed in Table 1.
The information is divided into three parts:
In addition to general security information, you can download the test cases used to put the document together. Test scenarios were developed to ascertain how secure each browser is, given a specific set of conditions. For example, the test results for same-origin policy for cookies are shown in Figure 1.
This manual isn’t for everyone. It’s written to provide a deep understanding of how each browser responds within a certain attack or general use context. However, here are some suggestions for why you might want to wade through this information, even if you aren’t a full-time security researcher:
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.