Difference between revisions of "OWASP Working Session - Browser Security"
(→Working Session Participants) |
|||
| Line 133: | Line 133: | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|1 | | style="width:7%; background:#7B8ABD" align="center"|1 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Mario Heiderich | + | | style="width:15%; background:#cccccc" align="center"| Mario Heiderich |
| − | | style="width:15%; background:#cccccc" align="center"|Independent | + | | style="width:15%; background:#cccccc" align="center"| Independent |
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|2 | | style="width:7%; background:#7B8ABD" align="center"|2 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Gareth Heyes | + | | style="width:15%; background:#cccccc" align="center"| Gareth Heyes |
| − | | style="width:15%; background:#cccccc" align="center"|Independent | + | | style="width:15%; background:#cccccc" align="center"| Independent |
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|3 | | style="width:7%; background:#7B8ABD" align="center"|3 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Marcin Wielgoszewski | + | | style="width:15%; background:#cccccc" align="center"| Marcin Wielgoszewski |
| − | | style="width:15%; background:#cccccc" align="center"|Protiviti | + | | style="width:15%; background:#cccccc" align="center"| Protiviti |
| − | | style="width:63%; background:#cccccc" align="center"|Participant | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|4 | | style="width:7%; background:#7B8ABD" align="center"|4 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Adam Baso | + | | style="width:15%; background:#cccccc" align="center"| Adam Baso |
| − | | style="width:15%; background:#cccccc" align="center"|Symantec | + | | style="width:15%; background:#cccccc" align="center"| Symantec |
| − | | style="width:63%; background:#cccccc" align="center"|Participant | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|5 | | style="width:7%; background:#7B8ABD" align="center"|5 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Achim Hoffmann | + | | style="width:15%; background:#cccccc" align="center"| Achim Hoffmann |
| − | | style="width:15%; background:#cccccc" align="center"|Independent | + | | style="width:15%; background:#cccccc" align="center"| Independent |
| − | | style="width:63%; background:#cccccc" align="center"|Participant | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|6 | | style="width:7%; background:#7B8ABD" align="center"|6 | ||
| − | | style="width:15%; background:#cccccc" align="center"|David Rook | + | | style="width:15%; background:#cccccc" align="center"| David Rook |
| − | | style="width:15%; background:#cccccc" align="center"|Realex Payments | + | | style="width:15%; background:#cccccc" align="center"| Realex Payments |
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|7 | | style="width:7%; background:#7B8ABD" align="center"|7 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Peleus Uhley | + | | style="width:15%; background:#cccccc" align="center"| Peleus Uhley |
| − | | style="width:15%; background:#cccccc" align="center"|Adobe Systems | + | | style="width:15%; background:#cccccc" align="center"| Adobe Systems |
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|8 | | style="width:7%; background:#7B8ABD" align="center"|8 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Giorgio Fedon | + | | style="width:15%; background:#cccccc" align="center"| Giorgio Fedon |
| − | | style="width:15%; background:#cccccc" align="center"|Minded Security | + | | style="width:15%; background:#cccccc" align="center"| Minded Security |
| − | | style="width:63%; background:#cccccc" align="center"|Participant | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|9 | | style="width:7%; background:#7B8ABD" align="center"|9 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Esteban ribicic | + | | style="width:15%; background:#cccccc" align="center"| Esteban ribicic |
| − | | style="width:15%; background:#cccccc" align="center"|HP | + | | style="width:15%; background:#cccccc" align="center"| HP |
| − | | style="width:63%; background:#cccccc" align="center"|Participant | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|10 | | style="width:7%; background:#7B8ABD" align="center"|10 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Nishi Kumar | + | | style="width:15%; background:#cccccc" align="center"| Nishi Kumar |
| − | | style="width:15%; background:#cccccc" align="center"|Fidelity Nationals | + | | style="width:15%; background:#cccccc" align="center"| Fidelity Nationals |
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|11 | | style="width:7%; background:#7B8ABD" align="center"|11 | ||
| − | | style="width:15%; background:#cccccc" align="center"|Alex Smolen | + | | style="width:15%; background:#cccccc" align="center"| Alex Smolen |
| − | | style="width:15%; background:#cccccc" align="center"|Foundstone | + | | style="width:15%; background:#cccccc" align="center"| Foundstone |
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|12 | | style="width:7%; background:#7B8ABD" align="center"|12 | ||
| style="width:15%; background:#cccccc" align="center"| Tom Brennan | | style="width:15%; background:#cccccc" align="center"| Tom Brennan | ||
| style="width:15%; background:#cccccc" align="center"| WhiteHat Security | | style="width:15%; background:#cccccc" align="center"| WhiteHat Security | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|13 | | style="width:7%; background:#7B8ABD" align="center"|13 | ||
| style="width:15%; background:#cccccc" align="center"| Georg Hess | | style="width:15%; background:#cccccc" align="center"| Georg Hess | ||
| − | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"| Art of Defence |
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|14 | | style="width:7%; background:#7B8ABD" align="center"|14 | ||
| style="width:15%; background:#cccccc" align="center"| Ljubibratic Gradimir | | style="width:15%; background:#cccccc" align="center"| Ljubibratic Gradimir | ||
| style="width:15%; background:#cccccc" align="center"| Telecom Serbia | | style="width:15%; background:#cccccc" align="center"| Telecom Serbia | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|15 | | style="width:7%; background:#7B8ABD" align="center"|15 | ||
| style="width:15%; background:#cccccc" align="center"| Achim Hoffmann | | style="width:15%; background:#cccccc" align="center"| Achim Hoffmann | ||
| style="width:15%; background:#cccccc" align="center"| SecureNet | | style="width:15%; background:#cccccc" align="center"| SecureNet | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|16 | | style="width:7%; background:#7B8ABD" align="center"|16 | ||
| − | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"| Edgar Vasquez |
| style="width:15%; background:#cccccc" align="center"| Softtek | | style="width:15%; background:#cccccc" align="center"| Softtek | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|17 | | style="width:7%; background:#7B8ABD" align="center"|17 | ||
| style="width:15%; background:#cccccc" align="center"| Michael Coates | | style="width:15%; background:#cccccc" align="center"| Michael Coates | ||
| style="width:15%; background:#cccccc" align="center"| Aspect Security | | style="width:15%; background:#cccccc" align="center"| Aspect Security | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|18 | | style="width:7%; background:#7B8ABD" align="center"|18 | ||
| style="width:15%; background:#cccccc" align="center"| David Campbell | | style="width:15%; background:#cccccc" align="center"| David Campbell | ||
| style="width:15%; background:#cccccc" align="center"| OWASP Denver | | style="width:15%; background:#cccccc" align="center"| OWASP Denver | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|19 | | style="width:7%; background:#7B8ABD" align="center"|19 | ||
| style="width:15%; background:#cccccc" align="center"| Jeff Williams | | style="width:15%; background:#cccccc" align="center"| Jeff Williams | ||
| style="width:15%; background:#cccccc" align="center"| Aspect Security | | style="width:15%; background:#cccccc" align="center"| Aspect Security | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|20 | | style="width:7%; background:#7B8ABD" align="center"|20 | ||
| style="width:15%; background:#cccccc" align="center"| Kuai Hinojosa | | style="width:15%; background:#cccccc" align="center"| Kuai Hinojosa | ||
| style="width:15%; background:#cccccc" align="center"| NYU | | style="width:15%; background:#cccccc" align="center"| NYU | ||
| − | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Participant |
|} | |} | ||
[[Category:OWASP_Working_Session]] | [[Category:OWASP_Working_Session]] | ||
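Review bot: Rows 5 and 15 both list Achim Hoffmann, once as "Independent" and once under "SecureNet", and this revision marks both rows as "Participant" without reconciling them. If this is the same person, merge the two rows under the correct affiliation and renumber the table, so the count of 20 participants is not overstated.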
Revision as of 13:05, 4 November 2008
| Working Sessions Operational Rules - Please see here the general frame of rules. |
|---|
| WORKING SESSION IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Work Session Name | ISWG Browser Security | |||||
| Short Work Session Description | Brainstorming on how to introduce more useful security into our browsers | |||||
| Related Projects (if any) | OWASP ISWG (Intrinsic Security Working Group) = OWASP Intrinsic Security Working Group - Browser Security | |||||
| Email Contacts & Roles | Chair: Arshan Dabirsiaghi | Secretary: Kuai Hinojosa | Mailing list: Subscription Page | |||
| WORKING SESSION SPECIFICS | ||||||
|---|---|---|---|---|---|---|
| Objectives |
| |||||
| Venue/Date&Time/Model | Venue: OWASP EU Summit Portugal 2008 | Date&Time: November 4, 2008 8:30 | Discussion Model: Everybody is a Participant | |||
| WORKING SESSION OPERATIONAL RESOURCES | ||||||
|---|---|---|---|---|---|---|
| Projector, whiteboards, markers, Internet connectivity, power | ||||||
| WORKING SESSION ADDITIONAL DETAILS | ||||||
|---|---|---|---|---|---|---|
- Time: 30 mins
  - Introduction
- Time: 2 hrs 00 mins
  - Identify and generate advice on short term issues with relatively low impact on adoption and site-breakage
  - Analyze security feature matrix and compare browser features
- Time: 2 hrs 30 mins
  - Address issues in the current HTML5 specifications
- Time: 3 hrs 30 mins
  - Long term: General policy enforcement (NoScript as a model for browsers?)
  - Long term: JavaScript policy-driven sandboxing
- Remaining time:
  - Identify 5 Key Browser Risks and select the top 3
  - Build a proposal to target key players in the industry and ask for their support
  - Confirm point leads, roles and responsibilities

Related resources:
| WORKING SESSION OUTCOMES | ||
|---|---|---|
| Statements, Initiatives or Decisions | Proposed by Working Group | Approved by OWASP Board |
| OWASP Top 10 Browser Wishlist. | After the Board Meeting - fill in here. | |
| Actionable advice and technical arguments for HTML5 feature set. | After the Board Meeting - fill in here. | |
| Establish OWASP points-of-contact for W3C. | After the Board Meeting - fill in here. | |
| Fill in here. | After the Board Meeting - fill in here. | |
Working Session Participants
(Add your name by editing this table. On the right, just above this frame, you have the option to edit.)
| WORKING SESSION PARTICIPANTS | ||||||
|---|---|---|---|---|---|---|
| Name | Company | Notes & reason for participating, issues to be discussed/addressed | ||||
| - | TDB (Officially Invited by OWASP) | | Official Representative from Microsoft's IE team | |||
| - | TDB (Officially Invited by OWASP) | | Official Representative from Mozilla Foundation's Firefox team | |||
| - | TDB (Officially Invited by OWASP) | | Official Representative from Opera's team | |||
| - | TDB (Officially Invited by OWASP) | | Official Representative from Apple's Safari team | |||
| - | TDB (Officially Invited by OWASP) | | Official Representative from Google's Chrome team | |||
| 1 | Mario Heiderich | Independent | Participant | |||
| 2 | Gareth Heyes | Independent | Participant | |||
| 3 | Marcin Wielgoszewski | Protiviti | Participant | |||
| 4 | Adam Baso | Symantec | Participant | |||
| 5 | Achim Hoffmann | Independent | Participant | |||
| 6 | David Rook | Realex Payments | Participant | |||
| 7 | Peleus Uhley | Adobe Systems | Participant | |||
| 8 | Giorgio Fedon | Minded Security | Participant | |||
| 9 | Esteban ribicic | HP | Participant | |||
| 10 | Nishi Kumar | Fidelity Nationals | Participant | |||
| 11 | Alex Smolen | Foundstone | Participant | |||
| 12 | Tom Brennan | WhiteHat Security | Participant | |||
| 13 | Georg Hess | Art of Defence | Participant | |||
| 14 | Ljubibratic Gradimir | Telecom Serbia | Participant | |||
| 15 | Achim Hoffmann | SecureNet | Participant | |||
| 16 | Edgar Vasquez | Softtek | Participant | |||
| 17 | Michael Coates | Aspect Security | Participant | |||
| 18 | David Campbell | OWASP Denver | Participant | |||
| 19 | Jeff Williams | Aspect Security | Participant | |||
| 20 | Kuai Hinojosa | NYU | Participant | |||