lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 11 Dec 2008 16:51:14 +0100
From: "de gracia carron, jose angel (ext)"
	<degracia.carron.joseangel@...vexternos.repsol.com>
To: 'Michal Zalewski' <lcamtuf@...ne.cc>, "bugtraq@...urityfocus.com"
	<bugtraq@...urityfocus.com>, "full-disclosure@...ts.grok.org.uk"
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: Browser Security Handbook

Asi es....
Google ha publicado un Manual de Seguridad del navegador accesible para todo el publico con la esperanza de ayudar a hacer la Web un lugar más seguro.

El manual consta de unas 60 páginas donde podemos encontrar amplio conjunto de características de seguridad y características de uso común en los navegadores, junto con útiles comentarios y sugerencias para los desarrolladores de aplicaciones que necesitan confiar en estos mecanismos, así como equipos de trabajo de ingeniería sobre el futuro del navegador del lado del incremento de la seguridad.

http://vulnerabilityteam.wordpress.com/2008/12/11/google-publica-un-manual-de-seguridad-para-navegadores-browsers/

-----Mensaje original-----
De: Michal Zalewski [mailto:lcamtuf@...ne.cc]
Enviado el: jueves, 11 de diciembre de 2008 0:05
Para: bugtraq@...urityfocus.com; full-disclosure@...ts.grok.org.uk
Asunto: Browser Security Handbook

Hi all,

I am happy to announce the availability of our "Browser Security Handbook"
- a comprehensive, 60-page document meant to provide web application
developers and information security researchers with a one-stop reference
to several hundred key security properties and sometimes counterintuitive
quirks in contemporary web browsers:

   http://code.google.com/p/browsersec/wiki/Main

Having a clear picture of these characteristics appears to be of
significance to building secure web applications, and to auditing existing
designs for potential weaknesses. For this reason, I am hoping that the
document is a valuable contribution to the information security community.

BSH currently covers recent releases of Microsoft Internet Explorer
(versions 6 and 7), Mozilla Firefox (versions 2 and 3), Apple Safari,
Opera, Google Chrome, Android embedded browser, and a handful of browser
plugins.

Please note that due to the sheer number of characteristics covered, I
fully expect some kinks to show up here and there; feedback from vendors
and security researchers is greatly appreciated.

Cheers,
/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ