The awesome browser security project is available here.
Scoping considerations
What exactly should be covered? My first proposal is to include:
- Security of the browser product.
- Web security issues involving a browser.
For XSS or CSRF, this means that everything browsers do to mitigate them is in scope, but nothing more. I wouldn’t want to cover privacy issues, especially topics such as fingerprinting, tracking, etc.
Topicality
The field is moving quite rapidly, so ideally, the list should reflect the current state of the art on each of the fronts. Whenever possible, I tried to mark the publication date (at least the year).
Conciseness
The list should strive to be minimal. Hence the focus is on high-quality, in-depth introductions and source materials, such as formal specifications.
Completeness
This one is rather aspirational at this point. Eventually, I’d like this doc to be a map of all browser-related security issues.
Availability
Materials that are available for free on the Internet are strongly preferred.
Quality
I reserve the right to be mistaken about anything here. Feel free to provide feedback or point out any errors. Contributions are welcome.