
Difference between revisions of "Summit 2011 Schedule"

Line 27: Line 27:
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions University Outreach|'''University Outreach''']]
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions University Outreach|'''University Outreach''']]
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Applying ESAPI input validation''']] <br>  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Applying ESAPI input validation''']] <br>  
*Serial Decomp: Decode, canonicalize, filter<br>
 
*Structured data (SSN, CC, etc.) <br>
 
*Unstructured data (comments, blogs, etc.) <br>
 
*Other input exaples (ws-, database, etc.) <br>
 
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Sandboxing|'''Browser Security: Sandboxing''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Sandboxing|'''Browser Security: Sandboxing''']]  
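Review bot: the four sub-topic bullets under "Applying ESAPI input validation" (decode/canonicalize/filter, structured data, unstructured data, other input examples) are dropped from the cell with no replacement, and the cell still links only to the shared [[:Working Sessions No Fluff Just Stuff]] page, so the schedule no longer says what the session covers. Before removing them here, move the bullets to the linked working session page (fixing "exaples" on the way), or point the cell at a per-session page that carries them.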
Line 36: Line 32:
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Defining AppSensor sensors for:''']] <br>
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Defining AppSensor sensors for:''']] <br>
*Forced Browsing <br>
 
*Request Velocity<br>
 
*Unexpected encodings<br>
 
*Impersonation (Sudden user switch) <br>
 
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Securing Plugins|'''Browser Security: Securing Plugins''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Securing Plugins|'''Browser Security: Securing Plugins''']]  
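Review bot: the cell title "Defining AppSensor sensors for:" keeps its trailing colon after the list it introduced (Forced Browsing, Request Velocity, Unexpected encodings, Impersonation) is removed, so the rendered cell ends on a dangling "for:". Either keep the four detection points in the cell or retitle it so that it reads as a complete session name.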
Line 45: Line 37:
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Managing Sessions''']] <br>
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Managing Sessions''']] <br>
*Across requests<br>
 
*Across containers<br>
 
*Invalidating sessions (Timeout, attack event, logout)<br>
 
*Invalidating sessions (across containers, SSO token invalidation, user termination)<br>
 
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Enduser Warnings|'''Browser Security: Enduser Warnings''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Enduser Warnings|'''Browser Security: Enduser Warnings''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting information stored client-side''']] <br>
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting Information Stored Client-Side''']] <br>
*Threat Modeling the problem <br>
 
*Protecting theft and re-playability of application-specific info (on client & in flight)<br>
 
*Protecting theft and re-playability of session-specific info (in flight)<br>
 
*Protecting session-specific information from attack on the client <br>
 
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Blacklisting|'''Browser Security: Blacklisting''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Blacklisting|'''Browser Security: Blacklisting''']]  
Line 63: Line 47:
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting against CSRF''']] <br>
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting against CSRF''']] <br>
*Hygiene: Discuss/show frames-busting, cross-domain policy; Discuss referrer and other red herrings <br>
 
*Tokens (crafting, scoping, and checking)<br>
 
*Discussions, techniques on scale<br>
 
*Discussions, techniquest on CAPTCHA, re-auth, etc. <br>
 
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group JavaScript|'''Browser Security: JavaScript''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group JavaScript|'''Browser Security: JavaScript''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Providing access to persisted data''']] <br>
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Providing Access to Persisted Data''']] <br>
*Controlling visibility of tables by role<br>
 
*Providing access to safe SQL-like query through DAO layer<br>
 
*Discussions, techniques for providing secure'auto-wiring' / marshaling<br>
 
*Encoding and canonicalization for storage (or alternatively: Security concerns with heirarchical caching and object pooling) <br>
 
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group OS Integration|'''Browser Security: OS Integration''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group OS Integration|'''Browser Security: OS Integration''']]  
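Review bot: the retitled cell "Providing Access to Persisted Data" is now title case, but "Protecting against CSRF" in the same hunk, like "Applying ESAPI input validation" earlier in the column, is left in sentence case, so the Track 4 column ends up with mixed capitalization. Apply one convention to every session title in the column in the same edit.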

Revision as of 01:39, 14 December 2010

Global Summit 2011 Home Page
Global Summit 2011 Working Sessions

Browser Security Track
Cross-Site Scripting Eradication Track
University Outreach Track
No Fluff, Just Stuff Track
OWASP Global Committees


Summit 2011 Working Sessions

If you're interested in adding a Working Session for the 2011 Summit, there still is time. This list will be finalized a couple of days before the actual Summit, so get in touch with us soon. Contact Lorna Alamri or Sarah Baso for more information.

Please review the Working Session methodology for Working Session rules.

Track 1: Browser Security | Track 2: Cross-Site Scripting Eradication | Track 3: University Outreach and Education | Track 4: No Fluff, Just Stuff
Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes.
Browser Security | Cross-Site Scripting: Frameworks | University Outreach | Applying ESAPI input validation
Browser Security: Sandboxing | Cross-Site Scripting: Awareness, Resources, and Partnerships | | Defining AppSensor sensors for:
Browser Security: Securing Plugins | | | Managing Sessions
Browser Security: Enduser Warnings | | | Protecting Information Stored Client-Side
Browser Security: Blacklisting | | | Protecting against CSRF
Browser Security: JavaScript | | | Providing Access to Persisted Data
Browser Security: OS Integration
Browser Security: New HTTP Headers
Enterprise Web Defense Roundtable
Track notes:





Track 5: <open> | Track 6: <open> | Track 7: <open> | Track 8: OWASP Global Committees
Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes.
OWASP Projects
Projects - Assessment Criteria & Orphaned Projects
Projects - Funding, Marketing, & Commercial Services
OWASP Connections
OWASP Chapters
OWASP Education
OWASP Conferences
OWASP Industry
OWASP Membership
Track notes:


