The Browser Security Handbook, brought to us by Michal Zalewski (of Google), is a quite useful document (droll understatement). It documents various security facets of the leading web browsers and provides succinct tabular comparisons of behaviors. It is available here:
Browser Security Handbook (BSH)
Michal has also created various test scripts and their source code is available from this page:
The BSH is created and maintained on the Google Code wiki, and thus isn’t available if you’re offline (like on a plane). The wiki doesn’t provide for a clean download with link fixups and all, so I turned to wget and use the below command to cache a local copy (I’m on Ubuntu GNU/Linux):
wget -E -H -p --convert-links -nH -nd -N -P/PATH/TO/WHERE/YOU/WANT/IT/TO/LOCALLY/LIVE http://code.google.com/p/browsersec/wiki/Main http://code.google.com/p/browsersec/wiki/Part1 http://code.google.com/p/browsersec/wiki/Part2 http://code.google.com/p/browsersec/wiki/Part3
I alias the above gnarly command line to the simple “getbrowsersec” command name (via my .cshrc file), and so whenever I’m online and want to ensure I’ve got the latest revision, I just type “getbrowsersec” and I’m all set. If you live in the Windows world, I’m not sure how you’d do the above natively. I’d install Cygwin, and then one has wget, and can just use the above command.