Difference between revisions of "Summit 2011 Working Sessions/Session005"
Sarah Baso (talk | contribs) |
| Line 1: | Line 1: | ||
| − | + | {{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude> | |
| − | <includeonly> | ||
|- | |- | ||
| − | | summit_session_attendee_name1 = | + | | summit_session_attendee_name1 = Email John Wilander if you are unable to edit the Wiki and would like to sign up! |
| − | | summit_session_attendee_email1 = | + | | summit_session_attendee_email1 = [email protected] |
| summit_session_attendee_company1= | | summit_session_attendee_company1= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | ||
| − | | summit_session_attendee_name2 = | + | | summit_session_attendee_name2 = Michael Coates |
| summit_session_attendee_email2 = | | summit_session_attendee_email2 = | ||
| summit_session_attendee_company2= | | summit_session_attendee_company2= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | ||
| − | | summit_session_attendee_name3 = | + | | summit_session_attendee_name3 = Colin Watson |
| summit_session_attendee_email3 = | | summit_session_attendee_email3 = | ||
| summit_session_attendee_company3= | | summit_session_attendee_company3= | ||
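Review bot: The opening `<includeonly>` removed near the top of this hunk is not removed together with its closing tag; the same revision adds `</includeonly>` at the very end of the template, after `}}`, and the rendered page ends with a literal `</includeonly>`. Keep the pair together or drop both. Separately, summit_session_attendee_name1 now carries a sign-up instruction rather than a name, so the first participant row renders as an instruction plus an e-mail address; a line above the participants table would be a better place for it.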
| Line 104: | Line 103: | ||
|- | |- | ||
| − | | summit_session_name = | + | | summit_track_logo = [[Image:T._browser_security.jpg]] |
| + | | summit_ws_logo = [[Image:WS._browser_security.jpg]] | ||
| + | | summit_session_name = New HTTP Header | ||
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session005 | | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session005 | ||
| − | | mailing_list = | + | | mailing_list = https://groups.google.com/group/owasp-summit-browsersec |
|- | |- | ||
| − | | short_working_session_description= | + | | short_working_session_description= Are new opt-in HTTP headers the right way to add security features? For example: |
| + | * [http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 HTTP Strict Transport Security] for enforced HTTPS (supported in Chrome 4, Firefox+NoScript, Firefox 4 and up) | ||
| + | * [http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx X-Frame-Options] for non-framing (supported in IE8, FF3.6, Safari 4, Opera 10.5, Chrome 4 and up) | ||
| + | * [https://developer.mozilla.org/en/Introducing_Content_Security_Policy Content Security Policy] for whitelisting of script and media sources (supported in Firefox 4 and up) | ||
|- | |- | ||
| − | | related_project_name1 = | + | | related_project_name1 = Browser Security Track - main page |
| − | | related_project_url_1 = | + | | related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track |
| − | | related_project_name2 = | + | | related_project_name2 = Google Group for the Browser Security Track |
| − | | related_project_url_2 = | + | | related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec |
| related_project_name3 = | | related_project_name3 = | ||
| Line 136: | Line 140: | ||
| summit_session_objective_name3 = | | summit_session_objective_name3 = | ||
| − | | summit_session_objective_name4 = | + | | summit_session_objective_name4 = |
| summit_session_objective_name5 = | | summit_session_objective_name5 = | ||
| − | |||
|- | |- | ||
| − | | working_session_date_and_time = | + | | working_session_date_and_time = Tuesday, 09 February <br> Time: TBA |
|- | |- | ||
| − | | discussion_model = | + | | discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups. |
|- | |- | ||
| Line 154: | Line 157: | ||
|- | |- | ||
| − | | working_session_additional_details = | + | | working_session_additional_details = <br> |
| + | |||
| + | ===Co-chair John Wilander=== | ||
| + | [http://www.owasp.org/index.php/User:John.wilander John Wilander] is chapter co-leader in Sweden and ran the AppSec conference in Stockholm 2010. He is still [http://www.ida.liu.se/~johwi/research_publications/ pursuing his PhD in software security] and works as an appsec consultant in media/banking/healthcare. | ||
| + | ===Co-chair Michael Coates=== | ||
| + | [http://www.owasp.org/index.php/User:MichaelCoates Michael Coates] is a long-time OWASP contributor and leader, as well as a Mozilla employee. He leads the [http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project AppSensor] and the [http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet TLS Cheat Sheet] project. | ||
|- | |- | ||
| − | |summit_session_deliverable_name1 = | + | |summit_session_deliverable_name1 = Browser Security Report |
|summit_session_deliverable_url_1 = | |summit_session_deliverable_url_1 = | ||
| − | |summit_session_deliverable_name2 = | + | |summit_session_deliverable_name2 = Browser Security Priority List |
|summit_session_deliverable_url_2 = | |summit_session_deliverable_url_2 = | ||
| Line 175: | Line 183: | ||
|- | |- | ||
| − | | summit_session_leader_name1 = | + | | summit_session_leader_name1 = John Wilander |
| − | | summit_session_leader_email1 = | + | | summit_session_leader_email1 = [email protected] |
| − | | summit_session_leader_name2 = | + | | summit_session_leader_name2 = Michal Coates |
| − | | summit_session_leader_email2 = | + | | summit_session_leader_email2 = [email protected] |
| − | | summit_session_leader_name3 = | + | | summit_session_leader_name3 = |
| summit_session_leader_email3 = | | summit_session_leader_email3 = | ||
|- | |- | ||
| − | | operational_leader_name1 = | + | | operational_leader_name1 = John Wilander |
| − | | operational_leader_email1 = | + | | operational_leader_email1 = [email protected] |
|- | |- | ||
| − | |||
| meeting_notes = | | meeting_notes = | ||
| − | |||
|- | |- | ||
| session_name_mask = <!--Please replace DO NOT EDIT this string --> Session005 | | session_name_mask = <!--Please replace DO NOT EDIT this string --> Session005 | ||
| session_home_page = <!--Please replace DO NOT EDIT this string --> Summit_2011_Working_Sessions/Session005 | | session_home_page = <!--Please replace DO NOT EDIT this string --> Summit_2011_Working_Sessions/Session005 | ||
}} | }} | ||
| + | </includeonly> | ||
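Review bot: summit_session_leader_name2 is set to "Michal Coates", while summit_session_attendee_name2 and the co-chair heading in working_session_additional_details both read "Michael Coates". Correct the spelling here so the Chair entry matches the rest of the page.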
Revision as of 02:00, 25 January 2011
| Please see/use the 'discussion' page for more details about this Working Session |
|---|
| Working Sessions Operational Rules - Please see here the general frame of rules. |

| WORKING SESSION IDENTIFICATION | |
|---|---|
| Short Work Session Description | Are new opt-in HTTP headers the right way to add security features? For example: |
| Related Projects (if any) | |
| Email Contacts & Roles | Chair: John Wilander, Michael Coates. Operational Manager: John Wilander. Mailing list: https://groups.google.com/group/owasp-summit-browsersec |

| WORKING SESSION SPECIFICS | |
|---|---|
| Objectives | |
| Venue/Date&Time/Model | Venue/Room: OWASP Global Summit Portugal 2011. Date & Time: Tuesday, 09 February, Time: TBA. Discussion Model: The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups. |

| WORKING SESSION OPERATIONAL RESOURCES |
|---|
| Projector, whiteboards, markers, Internet connectivity, power |

| WORKING SESSION ADDITIONAL DETAILS |
|---|
| Co-chair John Wilander: John Wilander is chapter co-leader in Sweden and ran the AppSec conference in Stockholm 2010. He is still pursuing his PhD in software security and works as an appsec consultant in media/banking/healthcare. Co-chair Michael Coates: Michael Coates is a long-time OWASP contributor and leader, as well as a Mozilla employee. He leads the AppSensor and the TLS Cheat Sheet project. |

| WORKING SESSION OUTCOMES / DELIVERABLES | ||
|---|---|---|
| Proposed by Working Group | Approved by OWASP Board | |
| After the Board Meeting - fill in here. | ||
Working Session Participants
(Add your name by clicking "edit" on the tab on the upper left side of this page)
| WORKING SESSION PARTICIPANTS | | |
|---|---|---|
| Name | Company | Notes & reason for participating, issues to be discussed/addressed |
| Email John Wilander if you are unable to edit the Wiki and would like to sign up! | | |
| Michael Coates | | |
| Colin Watson | | |
</includeonly>