Web browser security tutorial: Safari, IE, Firefox browser protection

Newly updated: This Web browser security tutorial identifies the inherent flaws of Internet Explorer and Mozilla Firefox, introduces viable Web browser alternatives and provides tools and tactics to maximize your Web browsing security and browser protection.

If not properly secured, Web browsers can serve as a gateway for malicious hackers who want to infect your net...


This tutorial discusses how to heighten your Web browser security efforts, identifies the inherent flaws of Internet Explorer, Mozilla Firefox and Safari, introduces viable Web browser alternatives, and provides tools and tactics to maximize Web browser security.

Web browser security best practices: Common questions, concerns and vulnerabilities

Here we will highlight articles that review general best practices for enhancing Web browser security in the enterprise, answer common Web browser security questions and concerns and examine some of the most common Web browser vulnerabilities and how to effectively protect against them.

When should new browsers be adopted in an enterprise?
(see link below)
According to security expert John Strand, it's helpful for organizations to look into alternative technologies and browsers, but one must always be aware of the complexity of an alternative browser and its possible effect on an enterprise's security architecture.

Learn the dangers and risk factors involved with supporting certain browsers as well as best practices for supporting alternative or multiple browsers.

Will Web browsers ever be fully equipped to detect and remove malware?
(see link below)
Are Web browsers sufficiently equipped to protect, detect and remove malware? Ed Skoudis discusses the role that Web browsers play in malware protection, examines if malware protection in browsers is adequate or needs improvement and reflects on whether browsers will eventually take on a more authoritative presence in the malware detection and removal process.

Clientless SSL VPN vulnerability and Web browser protection
(see link below)
Clientless SSL VPN vulnerabilities, which are found in a multitude of products, can pose a serious threat to Web browser security, allowing attackers to bypass authentication mechanisms and conduct Web-based attacks.

In this tip, learn how attackers successfully exploit SSL VPN vulnerabilities and several actions that can help minimize risks, prevent vulnerabilities and ultimately improve Web browser protection.

Scaling back Web browser security expectations (see link below)
Today, the browser has become one of the most critical and most used pieces of software on nearly every computer. Consequently, it has become the focus of attack. Some say the state of Web browser security is in peril because browsers often fail to act as a first line of defense against malware. Does that mean there's a browser architecture crisis?

In this tip, Web security expert Michael Cobb examines ways in which Web browser security could be improved, but also stresses that the industry's Web browser security expectations may need to be lowered.

Web browser attacks: Prevention and protection against common threats

This section of the Web Browser Security guide will discuss some common Web browser attacks and hacker techniques, such as clickjacking, man-in-the-browser, and uniform resource identifier (URI) exploits. Learn how to detect these types of attacks and implement the security measures necessary to defend against them and heighten Web browser security.

How to prevent clickjacking attacks with security policy, not technology
(see link below)
Clickjacking, a hacker technique similar to cross-site scripting (XSS), tricks a user into executing malicious commands on a seemingly legitimate or innocent website.

In this tip, John Strand discusses how organizations can prevent clickjacking attacks, as well as how clickjacking attacks work, how they compare to cross-site scripting attacks and why the enterprise response may change your corporate culture.

Clickjacking browser attack technique poses a serious threat
(see link below)
Clickjacking causes its damage by controlling how a Web browser functions, essentially enabling hackers to force users to click on any piece of malicious content that they choose.

In this article, you will discover why researchers believe the attack technique's capabilities have been underestimated and learn more about its potential effect on Web browsers.

Preparing for uniform resource identifier (URI) exploits
(see link below)
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality.

Web security expert Michael Cobb explains how the identifier exploits may start a fresh round of problems for developers and users alike and unveils how users can recognize and defend against URI attacks.

Technologies to thwart online banking fraud (see link below)
One of the biggest motivators for attacking Web browsers and applications is online banking. They offer hackers the opportunity to commit online banking fraud, which could prove to be extremely lucrative if successful.

In this feature, learn about several technologies available to prevent online banking fraud and get more insight on several hacker techniques, such as man-in-the-browser attacks, in which a hacker targets a victim's Web browser, installing a Trojan on a victim's computer that's capable of modifying Web transactions as they occur in real time.

Microsoft Internet Explorer security and attacks

Microsoft Internet Explorer is a common target for browser hijacking and many other attack techniques. This section reviews IE's inherent flaws, and provides tools and tactics for security optimization. It will also discuss Internet Explorer 8 beta 2 security features and functionality.

IE 8 beta 2 security features may mark improvements for browser security
(see link below)
Despite Microsoft's previous best efforts to build a more secure browser, some users may have been discouraged with Internet Explorer 7, but users' expectations may have been met with the beta release of IE 8.

Michael Cobb looks back on the history of Internet Explorer security features, explores the security capabilities of Internet Explorer 8 and debates whether Microsoft and Internet Explorer have finally turned a corner.

Should you disable IE ESC, or manage it in Windows servers?
(see link below)
Internet Explorer Enhanced Security Configuration (IE ESC), which is available on Windows Server 2003 and 2008, enables enterprises to lock down IE on Windows servers, but admins often disable IE ESC instead of managing it.

In this tip, we'll look at why some admins think IE ESC is more trouble than it's worth and why it might be worth sticking with it despite some of its hassles.

A closer look at Internet Explorer 8 security features
(see link below)
Internet Explorer 8 includes a number of improvements and innovations that raise the bar for Web browsers and help make the Web surfing experience more productive and efficient, as well as more secure.

Tony Bradley explains why the security features in IE 8 may convince midmarket organizations to make the browser upgrade sooner rather than later.

Internet Explorer 8 includes a bevy of security features
(see link below)
Experts have praised Internet Explorer 8 security features, but say all browser makers have a long way to go in preventing browsers from being hackers' favorite mode of attack.

This article discusses IE 8's security feature improvements. It examines why the browser is a target for hacker attacks and how attackers are often able to stay one step ahead of browser makers.

Firefox browser security: Improvements, risks and vulnerabilities

Mozilla's Firefox browser has been a worthy competitor with Internet Explorer, offering what many feel is a better end-user experience and enhanced security features. In this section of this Web browser security guide, learn more about the security features, vulnerabilities and risks associated with Firefox and learn how to weigh the pros and cons of switching to Firefox from IE.

Mozilla security chief on Firefox improvements (see link below)
Firefox, the open source challenger to Microsoft's Internet Explorer, is steadily gaining popularity. In Firefox 3.5, Mozilla improved JavaScript performance, added the new Private Browsing mode, native support for open video and audio, and Location Aware Browsing.

In this interview with Information Security magazine's Michael S. Mimoso, Mozilla's Johnathan Nightingale discusses Firefox browser privacy and security issues, Mozilla's security processes and its automated patching process.

The pros and cons of migrating to Firefox (see link below)
Making the switch from Internet Explorer to Firefox isn't a security cure-all. Firefox proponents claim the browser offers an improved user experience and better security than IE. But do Firefox's security improvements justify a corporate-wide migration to the open source browser?

This article offers a look at the Firefox browser security advantages and the challenges corporations can expect to face during a browser migration.

What are the security risks of using an alternative browser? (see link below)
Internet Explorer may be the market leader in browsers, but that doesn't mean a thing when it comes to security.

In this expert Q&A, application security expert Michael Cobb examines the vulnerabilities in IE and other browser contenders, and discusses the security risks of using an alternative browser.

Google Chrome browser security features, capabilities

In this section of the Web browser security guide, learn more about the browser security features of Google Chrome, the vulnerabilities associated with the browser and how Google's browser security compares to that of other browsers, such as IE, Firefox and Safari.

What are Google Chrome's security features? (see link below)
Whenever Google does something new, it's big news, and the release of its own browser, Google Chrome, was no exception. As browsers are now the most common application interface, its security is a key feature and a critical factor in the search engine giant's success.

In this expert response, Michael Cobb outlines the security features of Google Chrome and examines if it can be considered a more secure alternative to other browsers.

Will Google Chrome enhance overall browser security? (see link below)
Will Google Chrome enhance overall browser security, or will it just be another browser platform among many?

Expert John Strand reviews Google Chrome's browser security features and some of Google's new approaches to browser security; he also discusses vulnerabilities Chrome's browser has faced and what it has to offer enterprise IT teams.

This was last published in May 2010