Difference between revisions of "OWASP Working Session - Browser Security"
Line 31: | Line 31: | ||
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model''' | | style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model''' | ||
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] | | style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] | ||
− | | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 4, 2008 <br> | + | | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 4, 2008 <br>8:30 |
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>Everybody is a Participant | | style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>Everybody is a Participant | ||
|} | |} | ||
Line 54: | Line 54: | ||
- Time: 30 mins | - Time: 30 mins | ||
Introduction | Introduction | ||
+ | |||
+ | - Time: 2 hrs 00 mins | ||
+ | Identify and generate advice on short term issues with relatively low impact on adoption and site-breakage | ||
+ | Analyze security feature matrix and compare browser features | ||
- Time: 2 hrs 30 mins | - Time: 2 hrs 30 mins | ||
− | Address issues in the current | + | Address issues in the current HTML5 specifications |
− | - Time: | + | - Time: 3 hrs 30 mins |
− | + | Long term: General policy enforcement (NoScript as a model for browsers?) | |
+ | Long term: JavaScript policy-driven sandboxing | ||
+ | |||
+ | - Remaining time: | ||
− | + | Identify 5 Key Browser Risks and select the top 3, Build a proposal to target key players in the industry and ask for their support | |
Confirm point leads, roles and responsibilities | Confirm point leads, roles and responsibilities | ||
Revision as of 19:44, 28 October 2008
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION | 
---|---
Work Session Name | ISWG Browser Security
Short Work Session Description | Brainstorming on how to introduce more useful security into our browsers
Related Projects (if any) | OWASP ISWG (Intrinsic Security Working Group) = OWASP Intrinsic Security Working Group - Browser Security
Email Contacts & Roles | Chair: Arshan Dabirsiaghi; Secretary: Kuai Hinojosa; Mailing list: Subscription Page
WORKING SESSION SPECIFICS | | | 
---|---|---|---
Objectives | | | 
Venue/Date&Time/Model | Venue: OWASP EU Summit Portugal 2008 | Date&Time: November 4, 2008 8:30 | Discussion Model: Everybody is a Participant
WORKING SESSION OPERATIONAL RESOURCES |
---|
Projector, whiteboards, markers, Internet connectivity, power |
WORKING SESSION ADDITIONAL DETAILS

- Time: 30 mins
  Introduction
- Time: 2 hrs 00 mins
  Identify and generate advice on short term issues with relatively low impact on adoption and site-breakage
  Analyze security feature matrix and compare browser features
- Time: 2 hrs 30 mins
  Address issues in the current HTML5 specifications
- Time: 3 hrs 30 mins
  Long term: General policy enforcement (NoScript as a model for browsers?)
  Long term: JavaScript policy-driven sandboxing
- Remaining time:
  Identify 5 Key Browser Risks and select the top 3, Build a proposal to target key players in the industry and ask for their support
  Confirm point leads, roles and responsibilities

Related resources:
WORKING SESSION OUTCOMES | | 
---|---|---
Statements, Initiatives or Decisions | Proposed by Working Group | Approved by OWASP Board
 | OWASP Top 10 Browser Wishlist. | After the Board Meeting - fill in here.
 | Actionable advice and technical arguments for HTML5 feature set. | After the Board Meeting - fill in here.
 | Establish OWASP points-of-contact for W3C. | After the Board Meeting - fill in here.
 | Fill in here. | After the Board Meeting - fill in here.
Working Session Participants
(Add your name by editing this table. On your right, just above this frame, you have the option to edit.)
WORKING SESSION PARTICIPANTS | | | 
---|---|---|---
 | Name | Company | Notes & reason for participating, issues to be discussed/addressed
- | TDB (Officially Invited by OWASP) | Official Representative from Microsoft's IE team | 
- | TDB (Officially Invited by OWASP) | Official Representative from Mozilla Foundation's Firefox team | 
- | TDB (Officially Invited by OWASP) | Official Representative from Opera's team | 
- | TDB (Officially Invited by OWASP) | Official Representative from Apple's Safari team | 
- | TDB (Officially Invited by OWASP) | Official Representative from Google's Chrome team | 
1 | Mario Heiderich | Independent | General Expertise
2 | Gareth Heyes | Independent | General Expertise
3 | Marcin Wielgoszewski | Protiviti | Participant
4 | Adam Baso | Symantec | Participant
5 | Achim Hoffmann | Independent | Participant
6 | David Rook | Realex Payments | General Expertise
7 | Peleus Uhley | Adobe Systems | General Expertise
8 | Giorgio Fedon | Minded Security | Participant
9 | Esteban ribicic | HP | Participant
10 |