
MemeStreams Discussion



This page contains all of the posts and discussion on MemeStreams referencing the following web page: Browser Security Handbook. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Browser Security Handbook
by possibly noteworthy at 7:47 am EST, Dec 16, 2008

Michal Zalewski, Googler:

This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.

From the archive:

“attacker can perform the aforementioned attack by deploying an uncooled microbolometer thermal imaging (far infrared) camera within up to approximately five to ten minutes after valid keycode entry”


Browser Security Handbook
by Worthersee at 9:49 pm EST, Dec 17, 2008

Michal Zalewski, Googler:

This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.

From the archive:

“attacker can perform the aforementioned attack by deploying an uncooled microbolometer thermal imaging (far infrared) camera within up to approximately five to ten minutes after valid keycode entry”

A must read for anyone that works with websites.


 
 