Michal Zalewski has released a web browser security handbook to the public. As expected from someone of Zalewski’s technical knowledge and depth, this handbook is not for the faint of heart and goes very deep into describing browser behaviors across all the major players. To give some sense of the scope of the work, printing the main sections out takes just over 50 pages.
This guide should be useful to security-conscious web developers, researchers, browser developers, web attackers, web pentesters, application defenders/analysts, and anyone wanting to get into the guts of how browsers try to keep you secure. Don’t expect, however, to see all the differences browsers have, like how IE does padding one way and Firefox does it another; rather, all the topics are related to security issues or potential security issues.