This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:Intrinsic Security Working Group

From OWASP
Jump to: navigation, search

Charter

The OWASP Intrinsic Security Working Group (ISWG) is a small, representative body of OWASP members whose primary goal is to help all the organizations involved in making web applications work on the Internet today. This involves proposing new functionality and advising how to improve existing functionality.

In order to accomplish these goals, the ISWG will focus their energy on the following tasks:

  • collect ideas from the OWASP community on how to secure the infrastructure of the web (including regarding browser features, influencing W3C standards, updating relevant RFCs, working with framework vendors)
  • create precise, organized and technical arguments for the acceptance of a community idea
  • communicate that idea to the appropriate stakeholder

Depending on the issue or idea, the ISWG may either create a draft for issuance to a stakeholder and then ask the OWASP community for input, or allow the draft be entirely crowdsourced and then perform final edits. Agile communications may be needed for faster moving organizations in which case the "point person" for the organization will have to keep notes of their conversations and try to best accommodate the target organization.

Joining the ISWG

If you are interested in joining the ISWG, please express your interest to an existing ISWG member or send a message to the ISWG mailing list. The ISWG are definitely seeking highly motivated individuals who are familiar with the hurdles of the current web application infrastructure and are capable of tackling issues in a non-combative way. The ISWG is not interested in nonconstructive arguments or those that would exhibit uncooperative behavior towards any of the stakeholders involved. We need respectful, technical and creative people who want to put the work in to create a better Internet architecture.

We need people who are good technologists to create scientific arguments. However, it is actually more important that we incorporate people that are motivated, persistent and strong communicators to "get us in the door" to an organization or community and help craft a convincing message.

Working Group Members

The members of the OWASP Intrinsic Security Working Group (ISWG) include the following members who collectively represent both the security community and the service industry whose customers are directly affected by the decisions made by the organizations we want to interact with:

Ongoing Collaborations / Relationships

Organization OWASP Interfaces Effort Details
W3C Sebastien Deleersnyder
Arshan Dabirsiaghi
Details
Sun Microsystems Jeff Williams Details
Apache Tomcat (Apache Software Foundation) Jim Manico Details
Microsoft ACE Team Arshan Dabirsiaghi Details
Mozilla Firefox (Mozilla Foundation) Giorgio Maone Details
Internet Explorer 8 Mario Heiderich Details

Input on W3C Workshop on device API security

Currently input (people / ideas) is requested to provide OWASP input on an upcoming W3C Workshop on device API security. A working page with details is started at ISWG - W3C Workshop on device API security.

Monthly Reports

The status reports indicate self-prescribed goals, deadlines, and progress on a month-by-month basis since the inception of the Intrinsic Security Working Group.

2009

March-April
January-February

2008

December
November
October
September

Publications

On May 4, 2009, the ISWG published "A Gap Analysis of Application Security in Struts2", a research project that will hopefully show architects and developers what attacks must be compensated for when building a Struts2 application and how the framework could improve its security. The document is available here.

Pages in category "Intrinsic Security Working Group"

The following 3 pages are in this category, out of 3 total.