This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

ISWG Status 200810

Jump to: navigation, search

One of the goals for the month of October was to coordinate and execute the Browser Security and Web Application Framework workshops at the EU Summit. We were unsuccessful in gathering browser vendors and framework developers into the room due to the late notice. Both workshops went well.

The Browser Security workshop elicited a lot of useful discussion about what the group should be doing, how vendors should be interfaced, and identifying key recommendations for the browsers. A vendor that wasn't formally invited also showed up and helped us understand vendor perspective. At the end of the workshop we had a filled out Google Docs matrix of browser security features and a list of recommendations and a draft of the open letter to browser vendors.

The Web Application Framework was a real working session, with participants helping generate a Google Doc that compared all the major web application frameworks and identifying gaps that members can now reach out to framework groups to fill. Some very interesting things were learned.

A secondary goal of October was to perform more in-house advertisement of the ISWG since it's still relatively unknown. ISWG was advertised on stage several times at OWASP NYC and marketed heavily at the internal OWASP EU.

The goals for November and December include:

  • Publishing the working documents currently on Google docs (and answer the question – wiki vs. Google Docs?)
  • Revise the ISWG charter after discussion in Portugal
  • Deliver open letter to browser community through Dark Reading, other media outlets
  • Continue fostering discussion on ISWG mailing list