Difference between revisions of "Summit 2011 Working Sessions/Session004"
Sarah Baso (talk | contribs)
Dinis.cruz (talk | contribs)
(14 intermediate revisions by 5 users not shown)
Line 1: | Line 1: | ||
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude> | {{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude> | ||
|- | |- | ||
− | + | | summit_session_attendee_name1 = John Wilander | |
− | | summit_session_attendee_name1 = | + | | summit_session_attendee_email1 = [email protected] |
− | | summit_session_attendee_email1 = | + | | summit_session_attendee_username1 = |
| summit_session_attendee_company1= | | summit_session_attendee_company1= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | ||
− | | summit_session_attendee_name2 = | + | | summit_session_attendee_name2 = Michael Coates |
− | | summit_session_attendee_email2 = | + | | summit_session_attendee_email2 = [email protected] |
+ | | summit_session_attendee_username2 = | ||
| summit_session_attendee_company2= | | summit_session_attendee_company2= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | ||
Line 14: | Line 15: | ||
| summit_session_attendee_name3 = | | summit_session_attendee_name3 = | ||
| summit_session_attendee_email3 = | | summit_session_attendee_email3 = | ||
+ | | summit_session_attendee_username3 = | ||
| summit_session_attendee_company3= | | summit_session_attendee_company3= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= | ||
− | | summit_session_attendee_name4 = | + | | summit_session_attendee_name4 = Vishal Garg |
− | | summit_session_attendee_email4 = | + | | summit_session_attendee_email4 = [email protected] |
− | | summit_session_attendee_company4= | + | | summit_session_attendee_username4 = |
+ | | summit_session_attendee_company4= AppSecure Labs | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= | ||
| summit_session_attendee_name5 = | | summit_session_attendee_name5 = | ||
| summit_session_attendee_email5 = | | summit_session_attendee_email5 = | ||
+ | | summit_session_attendee_username5 = | ||
| summit_session_attendee_company5= | | summit_session_attendee_company5= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= | ||
Line 29: | Line 33: | ||
| summit_session_attendee_name6 = | | summit_session_attendee_name6 = | ||
| summit_session_attendee_email6 = | | summit_session_attendee_email6 = | ||
+ | | summit_session_attendee_username6 = | ||
| summit_session_attendee_company6= | | summit_session_attendee_company6= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6= | ||
Line 34: | Line 39: | ||
| summit_session_attendee_name7 = | | summit_session_attendee_name7 = | ||
| summit_session_attendee_email7 = | | summit_session_attendee_email7 = | ||
+ | | summit_session_attendee_username7 = | ||
| summit_session_attendee_company7= | | summit_session_attendee_company7= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7= | ||
Line 39: | Line 45: | ||
| summit_session_attendee_name8 = | | summit_session_attendee_name8 = | ||
| summit_session_attendee_email8 = | | summit_session_attendee_email8 = | ||
+ | | summit_session_attendee_username8 = | ||
| summit_session_attendee_company8= | | summit_session_attendee_company8= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8= | ||
Line 44: | Line 51: | ||
| summit_session_attendee_name9 = | | summit_session_attendee_name9 = | ||
| summit_session_attendee_email9 = | | summit_session_attendee_email9 = | ||
+ | | summit_session_attendee_username9 = | ||
| summit_session_attendee_company9= | | summit_session_attendee_company9= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9= | ||
Line 49: | Line 57: | ||
| summit_session_attendee_name10 = | | summit_session_attendee_name10 = | ||
| summit_session_attendee_email10 = | | summit_session_attendee_email10 = | ||
+ | | summit_session_attendee_username10 = | ||
| summit_session_attendee_company10= | | summit_session_attendee_company10= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10= | ||
Line 54: | Line 63: | ||
| summit_session_attendee_name11 = | | summit_session_attendee_name11 = | ||
| summit_session_attendee_email11 = | | summit_session_attendee_email11 = | ||
+ | | summit_session_attendee_username11 = | ||
| summit_session_attendee_company11= | | summit_session_attendee_company11= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11= | ||
Line 59: | Line 69: | ||
| summit_session_attendee_name12 = | | summit_session_attendee_name12 = | ||
| summit_session_attendee_email12 = | | summit_session_attendee_email12 = | ||
+ | | summit_session_attendee_username12 = | ||
| summit_session_attendee_company12= | | summit_session_attendee_company12= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12= | ||
Line 64: | Line 75: | ||
| summit_session_attendee_name13 = | | summit_session_attendee_name13 = | ||
| summit_session_attendee_email13 = | | summit_session_attendee_email13 = | ||
+ | | summit_session_attendee_username13 = | ||
| summit_session_attendee_company13= | | summit_session_attendee_company13= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13= | ||
Line 69: | Line 81: | ||
| summit_session_attendee_name14 = | | summit_session_attendee_name14 = | ||
| summit_session_attendee_email14 = | | summit_session_attendee_email14 = | ||
+ | | summit_session_attendee_username14 = | ||
| summit_session_attendee_company14= | | summit_session_attendee_company14= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= | ||
Line 74: | Line 87: | ||
| summit_session_attendee_name15 = | | summit_session_attendee_name15 = | ||
| summit_session_attendee_email15 = | | summit_session_attendee_email15 = | ||
+ | | summit_session_attendee_username15 = | ||
| summit_session_attendee_company15= | | summit_session_attendee_company15= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15= | ||
Line 79: | Line 93: | ||
| summit_session_attendee_name16 = | | summit_session_attendee_name16 = | ||
| summit_session_attendee_email16 = | | summit_session_attendee_email16 = | ||
+ | | summit_session_attendee_username16 = | ||
| summit_session_attendee_company16= | | summit_session_attendee_company16= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16= | ||
Line 84: | Line 99: | ||
| summit_session_attendee_name17 = | | summit_session_attendee_name17 = | ||
| summit_session_attendee_email17 = | | summit_session_attendee_email17 = | ||
+ | | summit_session_attendee_username17 = | ||
| summit_session_attendee_company17= | | summit_session_attendee_company17= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17= | ||
Line 89: | Line 105: | ||
| summit_session_attendee_name18 = | | summit_session_attendee_name18 = | ||
| summit_session_attendee_email18 = | | summit_session_attendee_email18 = | ||
+ | | summit_session_attendee_username18 = | ||
| summit_session_attendee_company18= | | summit_session_attendee_company18= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18= | ||
Line 94: | Line 111: | ||
| summit_session_attendee_name19 = | | summit_session_attendee_name19 = | ||
| summit_session_attendee_email19 = | | summit_session_attendee_email19 = | ||
+ | | summit_session_attendee_username19 = | ||
| summit_session_attendee_company19= | | summit_session_attendee_company19= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19= | ||
Line 99: | Line 117: | ||
| summit_session_attendee_name20 = | | summit_session_attendee_name20 = | ||
| summit_session_attendee_email20 = | | summit_session_attendee_email20 = | ||
+ | | summit_session_attendee_username20 = | ||
| summit_session_attendee_company20= | | summit_session_attendee_company20= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20= | ||
− | |||
|- | |- | ||
+ | | summit_track_logo = [[Image:T._browser_security.jpg]] | ||
+ | | summit_ws_logo = [[Image:WS._browser_security.jpg]] | ||
| summit_session_name = Enduser Warnings | | summit_session_name = Enduser Warnings | ||
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 | | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 | ||
+ | | mailing_list = https://groups.google.com/group/owasp-summit-browsersec | ||
|- | |- | ||
− | | short_working_session_description= | + | | short_working_session_description= |
− | |||
|- | |- | ||
− | | related_project_name1 = | + | | related_project_name1 = Browser Security Track - main page |
− | | related_project_url_1 = | + | | related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track |
− | | related_project_name2 = | + | | related_project_name2 = Google Group for the Browser Security Track |
− | | related_project_url_2 = | + | | related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec |
| related_project_name3 = | | related_project_name3 = | ||
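Review bot: `short_working_session_description` is blank on the new side of this hunk, so the session still has no summary line. The same Google Group URL is also entered twice, once as `mailing_list` and once as `related_project_url_2`. Suggest filling in the description and keeping the group URL in `mailing_list` only, so it has a single place to be updated.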
Line 129: | Line 149: | ||
|- | |- | ||
− | | summit_session_objective_name1= | + | | summit_session_objective_name1= Clearly there is a need for warnings that users understand and that conveys the right information. Perhaps we can agree on some guidelines or at least exchange lessons learned. |
− | | summit_session_objective_name2 = | + | | summit_session_objective_name2= <noinclude>How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings? Mozilla replaces the padlock with a [https://support.mozilla.com/en-US/kb/Site%20Identity%20Button site identity button] i Firefox 4. "Larry" will inform the user of the site's status. Google recently tried out a skull & bones icon for bad certs but moved back to [http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95617 padlocks] again.</noinclude> |
− | | summit_session_objective_name3 = | + | | summit_session_objective_name3= <noinclude>How should browsers communicate other kinds of information such as privacy, malware warnings, "not visited before" etc? Forbes had an interesting example of [http://blogs.forbes.com/kashmirhill/2011/01/05/visualizing-better-privacy-policies/?boxes=Homepagechannels how to visualize privacy].</noinclude> |
− | | summit_session_objective_name4 = | + | | summit_session_objective_name4 = |
| summit_session_objective_name5 = | | summit_session_objective_name5 = | ||
− | |||
|- | |- | ||
− | | working_session_date_and_time = | + | | working_session_date_and_time = Tuesday, 09 February <br> Time: TBA |
|- | |- | ||
− | | discussion_model = | + | | discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups. |
|- | |- | ||
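Review bot: In `summit_session_objective_name2` and `summit_session_objective_name3` the whole value is wrapped in `<noinclude>`, while `summit_session_objective_name1` is not, so wherever this session page is transcluded only the first objective will be carried over. Drop the tags if all three objectives are meant to appear. Wording in the same hunk: objective 2 has "i Firefox 4" for "in Firefox 4", objective 1 has "conveys" where "convey" is needed, and `working_session_date_and_time` still reads "Time: TBA".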
Line 153: | Line 172: | ||
|- | |- | ||
− | | working_session_additional_details = | + | | working_session_additional_details = <br> |
+ | [[Image:Three_browsers_user_info.jpg]] | ||
+ | |||
+ | |||
+ | Some additional information, thoughts and discussions on these subjects elsewhere: | ||
+ | |||
+ | * [http://www.freedom-to-tinker.com/blog/sjs/web-browser-security-user-interfaces-hard-get-right-and-increasingly-inconsistent Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent], Freedom to Tinker, 18 Jan 2011 | ||
+ | * [http://intrepidusgroup.com/insight/2010/04/security-dialogs-and-graphics/ Security Dialogs and Graphics], Insight, 27 Apr 2010 | ||
+ | * [http://www.w3.org/TR/wsc-ui/ Web Security Context: User Interface Guidelines], W3C, 12 Aug 2010 | ||
+ | * [http://www.clerkendweller.com/2009/7/28/Colour-Overload-with-IE8-Tab-Grouping Colour Overload with IE8 Tab Grouping], Clerkendweller, 28 Jul 2009 | ||
+ | * [http://www.usablesecurity.org/emperor/ The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies], IEEE Symposium on Security and Privacy, May 2007 | ||
|- | |- | ||
− | |summit_session_deliverable_name1 = | + | |summit_session_deliverable_name1 = Browser Security Report |
− | |||
− | |summit_session_deliverable_name2 = | + | |summit_session_deliverable_name2 = Browser Security Priority List |
− | |||
|summit_session_deliverable_name3 = | |summit_session_deliverable_name3 = | ||
− | |||
|summit_session_deliverable_name4 = | |summit_session_deliverable_name4 = | ||
− | |||
|summit_session_deliverable_name5 = | |summit_session_deliverable_name5 = | ||
− | | | + | |
+ | |summit_session_deliverable_name6 = | ||
+ | |||
+ | |summit_session_deliverable_name7 = | ||
+ | |||
+ | |summit_session_deliverable_name8 = | ||
|- | |- | ||
− | | summit_session_leader_name1 = | + | | summit_session_leader_name1 = John Wilander |
− | | summit_session_leader_email1 = | + | | summit_session_leader_email1 = [email protected] |
− | | | + | | summit_session_leader_username1 = John.wilander |
| summit_session_leader_name2 = | | summit_session_leader_name2 = | ||
| summit_session_leader_email2 = | | summit_session_leader_email2 = | ||
− | | | + | | summit_session_leader_username2 = |
− | | summit_session_leader_name3 = | + | | summit_session_leader_name3 = |
| summit_session_leader_email3 = | | summit_session_leader_email3 = | ||
− | | | + | | summit_session_leader_username3 = |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | | operational_leader_name1 = John Wilander |
− | | | + | | operational_leader_email1 = [email protected] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | |||
| meeting_notes = | | meeting_notes = | ||
− | |||
|- | |- | ||
| session_name_mask = <!--Please replace DO NOT EDIT this string --> Session004 | | session_name_mask = <!--Please replace DO NOT EDIT this string --> Session004 | ||
| session_home_page = <!--Please replace DO NOT EDIT this string --> Summit_2011_Working_Sessions/Session004 | | session_home_page = <!--Please replace DO NOT EDIT this string --> Summit_2011_Working_Sessions/Session004 | ||
}} | }} | ||
+ | </includeonly> |
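Review bot: The `</includeonly>` added after the closing `}}` has no opening tag to pair with, since the only `<includeonly>` in this call is on the first line and is closed there before `<noinclude>`. An unmatched closing tag is emitted as literal text, which matches the stray `</includeonly>` at the bottom of the rendered page. Remove the line, or add the opening tag it was meant to close. In the same hunk `summit_session_leader_username1` is set to `John.wilander` while `summit_session_attendee_username1` for the same person is left empty.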
Latest revision as of 06:19, 1 February 2011
Enduser Warnings

Please see/use the 'discussion' page for more details about this Working Session.
Working Sessions Operational Rules - Please see here the general frame of rules.

WORKING SESSION IDENTIFICATION

Field | Value
---|---
Short Work Session Description |
Related Projects (if any) |
Email Contacts & Roles: Chair | John Wilander
Email Contacts & Roles: Operational Manager | John Wilander
Email Contacts & Roles: Mailing list | https://groups.google.com/group/owasp-summit-browsersec

WORKING SESSION SPECIFICS

Field | Value
---|---
Objectives |
Venue/Room | OWASP Global Summit Portugal 2011
Date & Time | Tuesday, 09 February. Time: TBA
Discussion Model | The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

WORKING SESSION OPERATIONAL RESOURCES

Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS

WORKING SESSION OUTCOMES / DELIVERABLES

Proposed by Working Group | Approved by OWASP Board
---|---
 | After the Board Meeting - fill in here.

WORKING SESSION PARTICIPANTS

Name | Company | Notes & reason for participating, issues to be discussed/addressed
---|---|---
John Wilander | |
Michael Coates | |
Vishal Garg | AppSecure Labs |
</includeonly>