Difference between revisions of "Working Sessions Browser Working Group"

(Added objectives and leader attendees)
Line 33: Line 33:
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Objectives'''  
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Objectives'''  
 
| align="left" colspan="6" style="width: 85%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <font color="black"></font><font color="black"></font><font color="black">
 
| align="left" colspan="6" style="width: 85%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <font color="black"></font><font color="black"></font><font color="black">
#Discuss gaps and patterns in gaps in security coverage across frameworks,  
+
#Discuss how to enhance enduser security in web applications,  
#Discuss possible solutions for security areas.</font>  
+
#Discuss browser-based countermeasures against XSS, CSRF, man-in-the-middle, man-in-the-browser and full remote access exploits.</font>  
  
 
|-
 
|-
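Review bot: the edit summary says "Added objectives", but in the Objectives cell the two framework items ("Discuss gaps and patterns in gaps in security coverage across frameworks" and "Discuss possible solutions for security areas") are replaced, not kept alongside the new ones. If the change of scope from frameworks to browsers is intended, the summary should say so. In the first new item, consider "end-user" for "enduser", matching "end-users" in the session description.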
Line 42: Line 42:
 
'''Date&amp;Time'''  
 
'''Date&amp;Time'''  
  
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Discussion Model'''<br>"Participants + Attendees"
+
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Discussion Model'''<br>"Open Space, demo-driven discussion, round-table discussions (i e not a PowerPoint race)"
 
|}
 
|}
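Review bot: in the new Discussion Model cell, "i e" should read "i.e.". The double quotes around the value are carried over from the old value "Participants + Attendees"; drop them unless the text is meant as a quotation.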
  
Line 54: Line 54:
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | <font color="white">'''WORKING SESSION OPERATIONAL RESOURCES'''</font>
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | <font color="white">'''WORKING SESSION OPERATIONAL RESOURCES'''</font>
 
|-
 
|-
| align="center" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | Projector, whiteboards, markers, Internet connectivity, power
+
| align="center" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | Projector, whiteboards, markers, Internet connectivity, post-it notes, power
 
|}
 
|}
  
Line 68: Line 68:
 
| align="left" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" |  
 
| align="left" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" |  
 
*'''Related resources:''' [[OWASP Working Session - Browser Security Letters]]  
 
*'''Related resources:''' [[OWASP Working Session - Browser Security Letters]]  
*'''Frameworks to invite:''' .NET, J2EE, Spring, Struts, ASP.NET MVC, RoR, PHP, etc.
+
*'''Browser vendors invited:'''Apple, Google, Microsoft, Mozilla, Opera
**10 Oct: "Open Letter to Frameworks (version for open mailing lists)" sent to
 
***Ruby-on-Rails Core mailing list
 
***Springnet Developer mailing list
 
***Struts Dev mailing list
 
  
 
|}
 
|}
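Review bot: the "Browser vendors invited" bullet has no space after the closing ''', so the vendor list runs straight on from the bold label. The same edit deletes the dated entry for the 10 Oct "Open Letter to Frameworks" and its three mailing lists, and leaves no equivalent record of when or how the browser vendors were contacted. If the linked Browser Security Letters page holds that record, a short pointer in this cell would keep the history traceable.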
Line 85: Line 81:
 
|-
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
| align="center" style="width: 46%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Actionable advice for each individual frameworks.  
+
| align="center" style="width: 46%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Enhanced cooperation between browser vendors.  
 
| align="center" style="width: 47%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | After the Board Meeting - fill in here.
 
| align="center" style="width: 47%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | After the Board Meeting - fill in here.
 
|-
 
|-
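Review bot: only the first outcome row is switched to "Enhanced cooperation between browser vendors."; the rendered revision still lists "Identify points-of-contact for frameworks." as a second proposed outcome, which no longer matches the browser-focused objectives. Update or remove that row in the same edit so the outcomes table is consistent with the new scope.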
Line 96: Line 92:
  
 
{{:Template:Summit 2011 Working Sessions Attendee/Columns}}
 
{{:Template:Summit 2011 Working Sessions Attendee/Columns}}
{{:Summit_2011_Attendee/Attendee110 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
+
{{:Summit_2011_Attendee/Attendee024 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
{{:Summit_2011_Attendee/Attendee110 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
+
{{:Summit_2011_Attendee/Attendee010 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
{{:Summit_2011_Attendee/Attendee110 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
 
  
 
|}
 
|}

Revision as of 20:59, 6 December 2010

Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Work Session Name: Browser Working Group
Short Work Session Description: One of the great challenges of application security is browser security. The browser is becoming our de facto runtime platform for applications, and it comprises a whole ecosystem of plug-ins and web technologies. Therefore we will spend a full day working together with the leading browser vendors to dig into current problems, new ideas, and how security fits in alongside other requirements from developers and end-users. Do not miss this chance to influence what's important in browser security in the coming years.
Related Projects (if any): Sandboxing, Securing Plugins, Enduser Warnings, Blacklisting, OS Integration, JavaScript, New HTTP Headers
Email Contacts & Roles: Chair, Secretary, Mailing list, Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. Discuss how to enhance end-user security in web applications.
  2. Discuss browser-based countermeasures against XSS, CSRF, man-in-the-middle, man-in-the-browser and full remote access exploits.
Venue: OWASP Global Summit Portugal 2011
Date&Time:
Discussion Model: "Open Space, demo-driven discussion, round-table discussions (i.e. not a PowerPoint race)"

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, post-it notes, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions

Proposed by Working Group: Enhanced cooperation between browser vendors.
Approved by OWASP Board: After the Board Meeting - fill in here.

Proposed by Working Group: Identify points-of-contact for frameworks.
Approved by OWASP Board: After the Board Meeting - fill in here.

Working Session Participants

Name, Company, Notes & reason for participating, issues to be discussed/addressed
John Wilander @ Omegapoint: Session Leader
Michael Coates @ Mozilla