Difference between revisions of "ISWG Status 200811"
(New page: The goals for November included publishing the working documents initially produced during the OWASP EU Summit working group sessions. Unfortunately, I was too busy this quarter to find th...) |
|||
Line 3: | Line 3: | ||
Another goal of the month of November was to clear up the group charter. After some thought, I think the charter of the group should be to: | Another goal of the month of November was to clear up the group charter. After some thought, I think the charter of the group should be to: | ||
− | 1. Contribute our security knowledge towards standards organizations | + | 1. Contribute our security knowledge towards standards organizations<br> |
− | 2. Act as a consumer awareness group for web application frameworks security mechanisms and browser security features | + | 2. Act as a consumer awareness group for web application frameworks security mechanisms and browser security features<br> |
− | 3. Serve as a platform for OWASP members who want to affect change at any of the building blocks in today's or tomorrow's web applications | + | 3. Serve as a platform for OWASP members who want to affect change at any of the building blocks in today's or tomorrow's web applications<br> |
It's simple and limited, and I think that's all that we can really expect. Realistically, the browsers all have strong security teams dealing with today's problems, and I think there's a niche for OWASP to fill in looking at the future for them and the community. | It's simple and limited, and I think that's all that we can really expect. Realistically, the browsers all have strong security teams dealing with today's problems, and I think there's a niche for OWASP to fill in looking at the future for them and the community. |
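Review bot: the `<br>` appended to each of the three charter items on the + side forces the line breaks with inline HTML while the numbers stay hand-typed. MediaWiki's numbered-list markup (a leading `#` on each item) would render them as a real list and keep the numbering correct if an item is added or removed later.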
Latest revision as of 20:48, 16 December 2008
The goals for November included publishing the working documents initially produced during the OWASP EU Summit working group sessions. Unfortunately, I was too busy this quarter to find the time to make those materials ready for public consumption. This is a priority goal for the December/January time period.
Another goal of the month of November was to clear up the group charter. After some thought, I think the charter of the group should be to:
1. Contribute our security knowledge towards standards organizations
2. Act as a consumer awareness group for web application frameworks' security mechanisms and browser security features
3. Serve as a platform for OWASP members who want to effect change at any of the building blocks in today's or tomorrow's web applications
It's simple and limited, and I think that's all that we can really expect. Realistically, the browsers all have strong security teams dealing with today's problems, and I think there's a niche for OWASP to fill in looking at the future for them and the community.
Also, in November a discussion on the board between members led to the creation of a Google group aiming to create an HTTPOnly standard for browser makers to follow. We are now as a group making a first cut at a standard after some deliberation, and have been in discussion with some browser vendors for feedback. This is an extremely positive and global effect.
Finally, in November I participated in the ESAPI as a representative of the ISWG.
The goals of December/January include:
- Formalizing the documents from the EU Summit and publishing them
- Following up with HTTPOnly work