Forum Moderators: open
This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.
[code.google.com...]
There are three main sections to the online handbook:
Part 1: Basic concepts behind web browsers
Part 2: Standard browser security features
Part 3: Experimental and legacy security mechanismsI've never worked on developing a browser, but this is valuable information for me, too, as it clears up a lot of my "black box" thinking.
Reading information like this makes me feel like my friends when they set their browser to disable third party cookies for the first time and they start seeing dozens of cookie requests as they browse. They had no idea how much gets placed on their computer much like I'm about to be saying "I had no idea" while reading that.
