This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

ISWG Status 200811

Revision as of 20:48, 16 December 2008 by Arshan (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The goals for November included publishing the working documents initially produced during the OWASP EU Summit working group sessions. Unfortunately, I was too busy this quarter to find the time to make those materials ready for public consumption. This is a priority goal for the December/January time period.

Another goal of the month of November was to clear up the group charter. After some thought, I think the charter of the group should be to:

1. Contribute our security knowledge towards standards organizations
2. Act as a consumer awareness group for web application frameworks security mechanisms and browser security features
3. Serve as a platform for OWASP members who want to affect change at any of the building blocks in today's or tomorrow's web applications

It's simple and limited, and I think that's all that we can really expect. Realistically, the browsers all have strong security teams dealing with today's problems, and I think there's a niche for OWASP to fill in looking at the future for them and the community.

Also, in November a discussion on the board between members led to the creation of a Google group aiming to create an HTTPOnly standard for browser makers to follow. We are now as a group making a first cut at a standard after some deliberation, and have been in discussion with some browser vendors for feedback. This is an extremely positive and global effect.

Finally, in November I participated in the ESAPI as a representative of the ISWG.

The goals of December/January include:

  • Formalizing the documents from the EU Summit and publish them
  • Follow up with HTTPOnly work