This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Working Session - Browser Security"
From OWASP
| Line 188: | Line 188: | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|12 | | style="width:7%; background:#7B8ABD" align="center"|12 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Tom Brennan | + | | style="width:15%; background:#cccccc" align="center"| Tom Brennan |
| − | | style="width:15%; background:#cccccc" align="center"|WhiteHat Security | + | | style="width:15%; background:#cccccc" align="center"| WhiteHat Security |
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|13 | | style="width:7%; background:#7B8ABD" align="center"|13 | ||
| style="width:15%; background:#cccccc" align="center"| Georg Hess | | style="width:15%; background:#cccccc" align="center"| Georg Hess | ||
| style="width:15%; background:#cccccc" align="center"| art of defence | | style="width:15%; background:#cccccc" align="center"| art of defence | ||
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|14 | | style="width:7%; background:#7B8ABD" align="center"|14 | ||
| style="width:15%; background:#cccccc" align="center"| Ljubibratic Gradimir | | style="width:15%; background:#cccccc" align="center"| Ljubibratic Gradimir | ||
| style="width:15%; background:#cccccc" align="center"| Telecom Serbia | | style="width:15%; background:#cccccc" align="center"| Telecom Serbia | ||
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|15 | | style="width:7%; background:#7B8ABD" align="center"|15 | ||
| style="width:15%; background:#cccccc" align="center"| Achim Hoffmann | | style="width:15%; background:#cccccc" align="center"| Achim Hoffmann | ||
| style="width:15%; background:#cccccc" align="center"| SecureNet | | style="width:15%; background:#cccccc" align="center"| SecureNet | ||
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|16 | | style="width:7%; background:#7B8ABD" align="center"|16 | ||
| style="width:15%; background:#cccccc" align="center"| edgar vasquez | | style="width:15%; background:#cccccc" align="center"| edgar vasquez | ||
| style="width:15%; background:#cccccc" align="center"| Softtek | | style="width:15%; background:#cccccc" align="center"| Softtek | ||
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|17 | | style="width:7%; background:#7B8ABD" align="center"|17 | ||
| style="width:15%; background:#cccccc" align="center"| Michael Coates | | style="width:15%; background:#cccccc" align="center"| Michael Coates | ||
| style="width:15%; background:#cccccc" align="center"| Aspect Security | | style="width:15%; background:#cccccc" align="center"| Aspect Security | ||
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|- | |- | ||
| − | | style="width:7%; background:#7B8ABD" align="center"| | + | | style="width:7%; background:#7B8ABD" align="center"|18 |
| style="width:15%; background:#cccccc" align="center"| David Campbell | | style="width:15%; background:#cccccc" align="center"| David Campbell | ||
| style="width:15%; background:#cccccc" align="center"| OWASP Denver | | style="width:15%; background:#cccccc" align="center"| OWASP Denver | ||
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|- | |- | ||
| − | | style="width:7%; background:#7B8ABD" align="center"| | + | | style="width:7%; background:#7B8ABD" align="center"|19 |
| style="width:15%; background:#cccccc" align="center"| Jeff Williams | | style="width:15%; background:#cccccc" align="center"| Jeff Williams | ||
| style="width:15%; background:#cccccc" align="center"| Aspect Security | | style="width:15%; background:#cccccc" align="center"| Aspect Security | ||
| style="width:63%; background:#cccccc" align="center"| General Expertise | | style="width:63%; background:#cccccc" align="center"| General Expertise | ||
|- | |- | ||
| − | | style="width:7%; background:#7B8ABD" align="center"| | + | | style="width:7%; background:#7B8ABD" align="center"|20 |
| − | | style="width:15%; background:#cccccc" align="center"| Peleus | + | | style="width:15%; background:#cccccc" align="center"| Peleus Uhley |
| style="width:15%; background:#cccccc" align="center"| Adobe | | style="width:15%; background:#cccccc" align="center"| Adobe | ||
| − | | style="width:63%; background:#cccccc" align="center"|General Expertise | + | | style="width:63%; background:#cccccc" align="center"| General Expertise |
|} | |} | ||
[[Category:OWASP_Working_Session]] | [[Category:OWASP_Working_Session]] | ||
Revision as of 12:52, 4 November 2008
| Working Sessions Operational Rules - Please see here the general frame of rules. |
|---|
| WORKING SESSION IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Work Session Name | ISWG Browser Security | |||||
| Short Work Session Description | Brainstorming on how to introduce more useful security into our browsers | |||||
| Related Projects (if any) |
OWASP ISWG (Intrinsic Security Working Group) = OWASP Intrinsic Security Working Group - Browser Security | |||||
| Email Contacts & Roles | Chair Arshan Dabirsiaghi |
Secretary Kuai Hinojosa |
Mailing list Subscription Page | |||
| WORKING SESSION SPECIFICS | ||||||
|---|---|---|---|---|---|---|
| Objectives |
| |||||
| Venue/Date&Time/Model | Venue OWASP EU Summit Portugal 2008 |
Date&Time November 4, 2008 8:30 |
Discussion Model Everybody is a Participant | |||
| WORKING SESSION OPERATIONAL RESOURCES | ||||||
|---|---|---|---|---|---|---|
| Projector, whiteboards, markers, Internet connectivity, power | ||||||
| WORKING SESSION ADDITIONAL DETAILS | ||||||
|---|---|---|---|---|---|---|
- Time: 30 mins Introduction - Time: 2 hrs 00 mins Identify and generate advice on short term issues with relatively low impact on adoption and site-breakage Analyze security feature matrix and compare browser features - Time: 2 hrs 30 mins Address issues in the current HTML5 specifications - Time: 3 hrs 30 mins Long term: General policy enforcement (NoScript as a model for browsers?) Long term: JavaScript policy-driven sandboxing - Remaining time: Identify 5 Key Browser Risks and select the top 3, Build a proposal to target key players in the industry and ask for their support Confirm point leads, roles and responsibilities Related resources: | ||||||
| WORKING SESSION OUTCOMES | ||
|---|---|---|
| Statements, Initiatives or Decisions | Proposed by Working Group | Approved by OWASP Board |
| OWASP Top 10 Browser Wishlist. | After the Board Meeting - fill in here. | |
| Actionable advice and technical arguments for HTML5 feature set. | After the Board Meeting - fill in here. | |
| Establish OWASP points-of-contact for W3C. | After the Board Meeting - fill in here. | |
| Fill in here. | After the Board Meeting - fill in here. | |
Working Session Participants
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
| WORKING SESSION PARTICIPANTS | ||||||
|---|---|---|---|---|---|---|
| Name | Company | Notes & reason for participating, issues to be discussed/addressed | ||||
| - | TDB (Officially Invited by OWASP) |
|
Official Representative from Microsoft's IE team | |||
| - | TDB (Officially Invited by OWASP) |
|
Official Representative from Mozilla Foundation's Firefox team | |||
| - | TDB (Officially Invited by OWASP) |
|
Official Representative from Opera's team | |||
| - | TDB (Officially Invited by OWASP) |
|
Official Representative from Apple's Safari team | |||
| - | TDB (Officially Invited by OWASP) |
|
Official Representative from Google's Chrome team | |||
| 1 | Mario Heiderich | Independent | General Expertise | |||
| 2 | Gareth Heyes | Independent | General Expertise | |||
| 3 | Marcin Wielgoszewski | Protiviti | Participant | |||
| 4 | Adam Baso | Symantec | Participant | |||
| 5 | Achim Hoffmann | Independent | Participant | |||
| 6 | David Rook | Realex Payments | General Expertise | |||
| 7 | Peleus Uhley | Adobe Systems | General Expertise | |||
| 8 | Giorgio Fedon | Minded Security | Participant | |||
| 9 | Esteban ribicic | HP | Participant | |||
| 10 | Nishi Kumar | Fidelity Nationals | General Expertise | |||
| 11 | Alex Smolen | Foundstone | General Expertise | |||
| 12 | Tom Brennan | WhiteHat Security | General Expertise | |||
| 13 | Georg Hess | art of defence | General Expertise | |||
| 14 | Ljubibratic Gradimir | Telecom Serbia | General Expertise | |||
| 15 | Achim Hoffmann | SecureNet | General Expertise | |||
| 16 | edgar vasquez | Softtek | General Expertise | |||
| 17 | Michael Coates | Aspect Security | General Expertise | |||
| 18 | David Campbell | OWASP Denver | General Expertise | |||
| 19 | Jeff Williams | Aspect Security | General Expertise | |||
| 20 | Peleus Uhley | Adobe | General Expertise | |||
