[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Browser Security Handbook

To: "'Michal Zalewski'" <lcamtuf@xxxxxxxx>, "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Browser Security Handbook
From: "de gracia carron, jose angel (ext)" <degracia.carron.joseangel@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Dec 2008 16:51:14 +0100

Asi es....
Google ha publicado un Manual de Seguridad del navegador accesible para todo el 
publico con la esperanza de ayudar a hacer la Web un lugar más seguro.

El manual consta de unas 60 páginas donde podemos encontrar amplio conjunto de 
características de seguridad y características de uso común en los navegadores, 
junto con útiles comentarios y sugerencias para los desarrolladores de 
aplicaciones que necesitan confiar en estos mecanismos, así como equipos de 
trabajo de ingeniería sobre el futuro del navegador del lado del incremento de 
la seguridad.

http://vulnerabilityteam.wordpress.com/2008/12/11/google-publica-un-manual-de-seguridad-para-navegadores-browsers/

-----Mensaje original-----
De: Michal Zalewski [mailto:lcamtuf@xxxxxxxx]
Enviado el: jueves, 11 de diciembre de 2008 0:05
Para: bugtraq@xxxxxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx
Asunto: Browser Security Handbook

Hi all,

I am happy to announce the availability of our "Browser Security Handbook"
- a comprehensive, 60-page document meant to provide web application
developers and information security researchers with a one-stop reference
to several hundred key security properties and sometimes counterintuitive
quirks in contemporary web browsers:

   http://code.google.com/p/browsersec/wiki/Main

Having a clear picture of these characteristics appears to be of
significance to building secure web applications, and to auditing existing
designs for potential weaknesses. For this reason, I am hoping that the
document is a valuable contribution to the information security community.

BSH currently covers recent releases of Microsoft Internet Explorer
(versions 6 and 7), Mozilla Firefox (versions 2 and 3), Apple Safari,
Opera, Google Chrome, Android embedded browser, and a handful of browser
plugins.

Please note that due to the sheer number of characteristics covered, I
fully expect some kinks to show up here and there; feedback from vendors
and security researchers is greatly appreciated.

Cheers,
/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Browser Security Handbook
  - From: Michal Zalewski

Prev by Date: Re: [Full-disclosure] FD subject line/name of org suggestion...
Next by Date: Re: [Full-disclosure] FD subject line/name of org suggestion...
Previous by thread: [Full-disclosure] Browser Security Handbook
Next by thread: [Full-disclosure] AST-2008-012: Remote crash vulnerability in IAX2
Index(es):
- Date
- Thread