14 DAY TRIAL // Having taken Chrome out of Beta the past week, Google is ready to start lending a helping hand when it comes down to browser security. Thus, while Microsoft has made available a variety of tools designed to bulletproof web content and applications against attacks, including UrlScan, Microsoft Source Code Analyzer for SQL Injection, and the more recent CAT.NET CTP and Anti-XSS 3.0 Beta, Google is offering the Browser Security Handbook.
Aimed at web application developers, browser engineers, and information security researchers, the resource is designed to provide an insight into the critical security properties of Internet Explorer 7, IE6, Firefox 2, Firefox 3, Safari, Opera, Google Chrome, and Android.
“Many people view the task of writing secure web applications as a very complex challenge - in part because of the inherent shortcomings of technologies such as HTTP, HTML, or Javascript, and in part because of the subtle differences and unexpected interactions between various browser security mechanisms. Through the years, we found that having a full understanding of browser-specific quirks is critical to making sound security design decisions in modern Web 2.0 applications,” Google's Michael Zalewski, from the Security Team, revealed.
Google is placing the blame for the prevalence of several classes of security vulnerabilities on the failure of web content developers, engineers and researchers to adequately understand the key security characteristics of each browser. In this regard, Google attempts to fight the lack of information that it considers to be the source of some security flaws.
“In hopes of helping to make the Web a safer place, we decided to release our Browser Security Handbook to the general public. This 60-page document provides a comprehensive comparison of a broad set of security features and characteristics in commonly used browsers, along with (hopefully) useful commentary and implementation tips for application developers who need to rely on these mechanisms, as well as engineering teams working on future browser-side security enhancements,” Zalewski added.
Google Chrome is available for download here.
Internet Explorer 8 (IE8) Beta 2 is available for download here.
Firefox 3.1 Beta 2 for Windows is available here.
Firefox 3.1 Beta 2 for Linux is available here.
Firefox 3.1 Beta 2 for Mac OS X is available here.
Opera 10.0 Alpha 1 for Windows is available for download here.
Opera 10.0 Alpha 1 for Linux is available for download here.
Opera 10.0 Alpha 1 for Mac OS X is available for download here.