Google’s Browser Security Handbook
Google came up with a Browser Security Handbook recently to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers.
It explains most of the security aspects of the internet, the relevant specifications, and how the different browsers implement those specifications.
The handbook is actually a set of online web pages covering the following three main parts:
- Part 1: Basic concepts behind web browsers
- Part 2: Standard browser security features
- Part 3: Experimental and legacy security mechanisms
It’s a good read for web application developers, web application security teams or even learning hackers.
Some interesting findings:
IP Address:
Did you know that the standards for URLs allow them to be presented in many ways?
Try this: 74.125.19.99 can be written in ambiguous ways such as 74.0x7d.023.99 (0x7d is hexadecimal for 125 and 023 is octal for 19). Put http://74.0x7d.023.99 into your browser's URL bar and it's the same as http://74.125.19.99!!
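Any filter or log search that compares host strings literally will treat those two spellings as different hosts, so the host should be reduced to one canonical form first. The sketch below is an added example, not code from the handbook or from this post; the function names are its own, and it goes slightly beyond the case above by also handling the short forms with fewer than four parts that the same classic parsing rules allow.

```python
import ipaddress
import string

def _part(text):
    """Value of one dotted component, or None if it is not a number."""
    low = text.lower()
    if low.startswith("0x"):                      # hexadecimal, e.g. 0x7d
        digits, base, allowed = low[2:], 16, string.hexdigits
    elif len(low) > 1 and low[0] == "0":          # octal, e.g. 023
        digits, base, allowed = low[1:], 8, string.octdigits
    else:                                         # plain decimal
        digits, base, allowed = low, 10, string.digits
    if not text or any(c not in allowed for c in digits):
        return None
    return int(digits, base) if digits else 0     # a bare "0x" counts as 0

def canonical_ipv4(host):
    """Dotted-decimal form of a numeric host, or None if it is not one."""
    parts = host.split(".")
    if len(parts) > 1 and parts[-1] == "":
        parts.pop()                               # tolerate one trailing dot
    if not 1 <= len(parts) <= 4:
        return None
    values = [_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    # Every part but the last is one byte; the last fills the remaining bytes.
    *head, last = values
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return None
    addr = last
    for i, v in enumerate(head):
        addr += v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(addr))

def same_host(a, b):
    """Compare two hosts after canonicalising numeric spellings."""
    ca, cb = canonical_ipv4(a), canonical_ipv4(b)
    if ca is None or cb is None:
        return a.lower() == b.lower()             # ordinary names: plain compare
    return ca == cb

if __name__ == "__main__":
    # Constructed sample inputs; the first two come from the text above.
    for h in ["74.125.19.99", "74.0x7d.023.99", "1249710947", "www.google.com.my"]:
        print(f"{h:20} -> {canonical_ipv4(h)}")
```
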
Proprietary URL schemes:
Some browsers implement their own URL schemes other than the likes of ‘http’, ‘https’, ‘ftp’.
E.g., you can enter view-source:http://www.google.com.my/ in the Firefox URL bar.
Other proprietary URL schemes include: feed, hcp, its, mhtml, mk, ms-help, ms-its, ms-itss, jar, view-cache, wyciwyg
There are many other interesting sides of browser security, and the handbook is a compilation of many years of hard work from various experts. So it’s definitely a good and beneficial read!
The Browser Security handbook is written and maintained by Michal Zalewski <lcamtuf@google.com>