The Browser Security Handbook
Browser security is a topic that spans a wide range of subjects. This isn’t surprising given the number of exploit techniques that rely on webpages as a primary delivery channel in their attacks. Successful XSS, CSRF, SQL injection (via web app), and plug-in-based attacks all take advantage of the environment provided by the web browser.
Despite the importance of the browser in the chain of security, information on exactly how it goes about managing javascript across domains and determining when to show the “save as” download dialog can be overlooked. However, this is an area where attackers may concentrate their efforts to hedge out new exploits based on a weakness in browser security.
The Browser Security Handbook, released in 2008, is a frequently-updated information repository for all things dealing with modern browser security. It includes the methods presently employed by various browser vendors to improve the security on the application end, as well as some experimental techniques.
It’s certainly worth adding to your collection of security-related links.