This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Summit 2011 Schedule"

From OWASP
Line 14: Line 14:
 
If you're interested in [[:Summit 2011 Working Sessions|adding a Working Session for the 2011 Summit]], there still is time. This list will be finalized a couple of days before the actual Summit, so get in touch with us soon. Contact [mailto:lorna.alamri(at)owasp.org Lorna Alamri] or [mailto:sarah.baso(at)owasp.org Sarah Baso] for more information. <br> <br> Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules. <br>  
 
If you're interested in [[:Summit 2011 Working Sessions|adding a Working Session for the 2011 Summit]], there still is time. This list will be finalized a couple of days before the actual Summit, so get in touch with us soon. Contact [mailto:lorna.alamri(at)owasp.org Lorna Alamri] or [mailto:sarah.baso(at)owasp.org Sarah Baso] for more information. <br> <br> Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules. <br>  
  
{| cellpadding="1" border="0" align="center" style="width:80%"
+
{| cellpadding="1" border="0" align="center" style="width:100%"
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 1: Browser Security'''  
 
| valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 1: Browser Security'''  
Line 26: Line 26:
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS Frameworks|'''Cross-Site Scripting: Frameworks''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS Frameworks|'''Cross-Site Scripting: Frameworks''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions University Outreach|'''University Outreach''']]
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions University Outreach|'''University Outreach''']]
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Applying ESAPI input validation''']] <br>
 +
*Serial Decomp: Decode, canonicalize, filter<br>
 +
*Structured data (SSN, CC, etc.) <br>
 +
*Unstructured data (comments, blogs, etc.) <br>
 +
*Other input exaples (ws-, database, etc.) <br>
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Sandboxing|'''Browser Security: Sandboxing''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Sandboxing|'''Browser Security: Sandboxing''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS AwarnessResourcesPartnerships|'''Cross-Site Scripting: Awarenes, Resources, and Partnerships''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS AwarnessResourcesPartnerships|'''Cross-Site Scripting: Awarenes, Resources, and Partnerships''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Defining AppSensor sensors for:''']] <br>
 +
*Forced Browsing <br>
 +
*Request Velocity<br>
 +
*Unexpected encodings<br>
 +
*Impersonation (Sudden user switch) <br>
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Securing Plugins|'''Browser Security: Securing Plugins''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Securing Plugins|'''Browser Security: Securing Plugins''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Managing Sessions''']] <br>
 +
*Across requests<br>
 +
*Across containers<br>
 +
*Invalidating sessions (Timeout, attack event, logout)<br>
 +
*Invalidating sessions (across containers, SSO token invalidation, user termination)<br>
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Enduser Warnings|'''Browser Security: Enduser Warnings''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Enduser Warnings|'''Browser Security: Enduser Warnings''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting information stored client-side''']] <br>
 +
*Threat Modeling the problem <br>
 +
*Protecting theft and re-playability of application-specific info (on client & in flight)<br>
 +
*Protecting theft and re-playability of session-specific info (in flight)<br>
 +
*Protecting session-specific information from attack on the client <br>
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Blacklisting|'''Browser Security: Blacklisting''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Blacklisting|'''Browser Security: Blacklisting''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting against CSRF'']] <br>
 +
*Hygiene: Discuss/show frames-busting, cross-domain policy; Discuss referrer and other red herrings <br>
 +
*Tokens (crafting, scoping, and checking)<br>
 +
*Discussions, techniques on scale<br>
 +
*Discussions, techniquest on CAPTCHA, re-auth, etc. <br>
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group JavaScript|'''Browser Security: JavaScript''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group JavaScript|'''Browser Security: JavaScript''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
+
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Providing access to persisted data''']] <br>
 +
*Controlling visibility of tables by role<br>
 +
*Providing access to safe SQL-like query through DAO layer<br>
 +
*Discussions, techniques for providing secure'auto-wiring' / marshaling<br>
 +
*Encoding and canonicalization for storage (or alternatively: Security concerns with heirarchical caching and object pooling) <br>
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group OS Integration|'''Browser Security: OS Integration''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group OS Integration|'''Browser Security: OS Integration''']]  
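Review bot: the added "Protecting against CSRF" cell, [[:Working Sessions No Fluff Just Stuff|'''Protecting against CSRF'']], opens bold with three apostrophes and closes with two, so the bold is never closed inside the link and the rendered label shows a stray leading apostrophe; close it with ''' as the other cells in this hunk do. In the same hunk all six added Track 4 cells link to the one page [[:Working Sessions No Fluff Just Stuff]], whereas every other track gives each session its own page (for example [[:Working Sessions Browser Working Group Sandboxing]]); since the page text says these session pages are where discussions and outcomes get documented, the six sessions would share a single notes page. Spelling in the added bullets: "exaples" should be "examples", "techniquest" should be "techniques", "heirarchical" should be "hierarchical", and "secure'auto-wiring'" is missing the space before the quote.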
Line 62: Line 86:
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" |  
 +
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Enterprise Web Defense|'''Enterprise Web Defense Roundtable''']]  
 
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Enterprise Web Defense|'''Enterprise Web Defense Roundtable''']]  
Line 106: Line 131:
  
  
{| cellpadding="1" border="0" align="center" style="width:80%"
+
{| cellpadding="1" border="0" align="center" style="width:100%"
 
|- valign="middle"
 
|- valign="middle"
 
| valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 5: <open>'''  
 
| valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 5: <open>'''  

Revision as of 00:29, 14 December 2010


Summit 2011 Working Sessions

If you're interested in adding a Working Session for the 2011 Summit, there still is time. This list will be finalized a couple of days before the actual Summit, so get in touch with us soon. Contact Lorna Alamri or Sarah Baso for more information.

Please review the Working Session methodology for Working Session rules.

Track 1: Browser Security | Track 2: Cross-Site Scripting Eradication | Track 3: University Outreach and Education | Track 4: No Fluff, Just Stuff

Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes.

Track 1: Browser Security
  Browser Security
  Browser Security: Sandboxing
  Browser Security: Securing Plugins
  Browser Security: Enduser Warnings
  Browser Security: Blacklisting
  Browser Security: JavaScript
  Browser Security: OS Integration
  Browser Security: New HTTP Headers
  Enterprise Web Defense Roundtable

Track 2: Cross-Site Scripting Eradication
  Cross-Site Scripting: Frameworks
  Cross-Site Scripting: Awareness, Resources, and Partnerships

Track 3: University Outreach and Education
  University Outreach

Track 4: No Fluff, Just Stuff
  Applying ESAPI input validation
    • Serial decomposition: decode, canonicalize, filter
    • Structured data (SSN, CC, etc.)
    • Unstructured data (comments, blogs, etc.)
    • Other input examples (ws-, database, etc.)
  Defining AppSensor sensors for:
    • Forced browsing
    • Request velocity
    • Unexpected encodings
    • Impersonation (sudden user switch)
  Managing Sessions
    • Across requests
    • Across containers
    • Invalidating sessions (timeout, attack event, logout)
    • Invalidating sessions (across containers, SSO token invalidation, user termination)
  Protecting information stored client-side
    • Threat modeling the problem
    • Protecting against theft and replay of application-specific info (on the client and in flight)
    • Protecting against theft and replay of session-specific info (in flight)
    • Protecting session-specific information from attack on the client
  Protecting against CSRF
    • Hygiene: discuss/show frame-busting and cross-domain policy; discuss Referer and other red herrings
    • Tokens (crafting, scoping, and checking)
    • Discussions and techniques on scale
    • Discussions and techniques on CAPTCHA, re-authentication, etc.
  Providing access to persisted data
    • Controlling visibility of tables by role
    • Providing access to safe SQL-like queries through a DAO layer
    • Discussions and techniques for providing secure 'auto-wiring' / marshaling
    • Encoding and canonicalization for storage (or alternatively: security concerns with hierarchical caching and object pooling)
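The "Applying ESAPI input validation" session lists the validation steps in a fixed order: decode, canonicalize, then filter. The following is an added example written for this page, not ESAPI code and not material from the Summit; it shows why the order matters by running the three steps over structured inputs (an SSN and a card number) and an unstructured comment. The sample inputs are constructed, and the decode-pass limit, the SSN pattern and the comment length bound are assumptions.

```python
# Added example, not ESAPI code: "serial decomposition" of input validation
# (decode, canonicalize, then filter) for structured and unstructured inputs.
# Sample inputs are constructed; the pass limit and field rules are assumptions.
import html
import re
import unicodedata
from urllib.parse import unquote

MAX_DECODE_PASSES = 3  # assumption: more encoding layers than this is an attack, not a client quirk


def decode(raw: str) -> str:
    """Step 1: peel percent- and entity-encoding until the value stops changing.
    Input still changing at the limit is multiply encoded and is rejected."""
    current = raw
    for _ in range(MAX_DECODE_PASSES):
        decoded = html.unescape(unquote(current))
        if decoded == current:
            return current
        current = decoded
    raise ValueError("input still changing after %d decode passes" % MAX_DECODE_PASSES)


def canonicalize(value: str) -> str:
    """Step 2: one canonical form: NFKC (fullwidth digits become ASCII), drop
    control characters other than tab/newline, collapse runs of whitespace."""
    value = unicodedata.normalize("NFKC", value)
    value = "".join(ch for ch in value
                    if ch in "\t\n" or not unicodedata.category(ch).startswith("C"))
    return " ".join(value.split())


# Step 3: filter, i.e. validate against a positive pattern for structured data.
SSN_RE = re.compile(r"^(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}$")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_ssn(raw: str):
    """Return the canonical SSN, or None if it fails the positive pattern."""
    value = canonicalize(decode(raw))
    return value if SSN_RE.match(value) else None


def validate_card(raw: str):
    """Return the digits of a plausible card number (length and Luhn), or None."""
    digits = canonicalize(decode(raw)).replace(" ", "").replace("-", "")
    if digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits):
        return digits
    return None


def validate_comment(raw: str, max_len: int = 500):
    """Unstructured data has no positive pattern to match, so the filter is a
    length bound; the canonical text is then encoded for the HTML context it
    will be shown in. Returns None when the bound is exceeded."""
    value = canonicalize(decode(raw))
    if len(value) > max_len:
        return None
    return html.escape(value, quote=True)
```

Validating before decoding would let `%31%32%33-45-6789` or fullwidth digits through or reject them inconsistently depending on which layer looks at them; decoding until the value is stable, and refusing input that keeps changing, is what closes the double-encoding gap.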
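The "Defining AppSensor sensors" session names four detection points: forced browsing, request velocity, unexpected encodings and impersonation (a sudden user switch). The block below is an added example for this page, not AppSensor project code; it runs those four sensors over a constructed access log and applies a simple response policy. The log format, the thresholds, the list of suspicious encodings and the sensor names are all assumptions made for the illustration.

```python
# Added example, not AppSensor project code: four AppSensor-style detection
# points run over constructed access-log lines. Log format, thresholds and
# sensor names are assumptions for this illustration.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Encodings a browser never emits in a URL on its own: NUL, double
# percent-encoding, overlong UTF-8 lead bytes (assumed list; extend per app).
BAD_ENCODING_RE = re.compile(r"%(00|25|c0|c1)", re.IGNORECASE)

FORCED_BROWSING_DENIALS = 3            # 403s per session before the sensor fires
VELOCITY_MAX_REQUESTS = 5              # requests allowed per session per window
VELOCITY_WINDOW = timedelta(seconds=2)

# Constructed sample log: one normal session, one URL guesser, one burst,
# one encoding tamperer and one session that changes user mid-way.
SAMPLE_LOG = [
    "2011-02-08T10:00:00Z user=alice sid=S1 ip=10.0.0.5 GET /home 200",
    "2011-02-08T10:00:01Z user=alice sid=S1 ip=10.0.0.5 GET /account/42 200",
    "2011-02-08T10:00:02Z user=bob sid=S2 ip=10.0.0.9 GET /admin/users 403",
    "2011-02-08T10:00:03Z user=bob sid=S2 ip=10.0.0.9 GET /admin/config 403",
    "2011-02-08T10:00:04Z user=bob sid=S2 ip=10.0.0.9 GET /admin/export 403",
    "2011-02-08T10:00:05Z user=carol sid=S3 ip=10.0.0.7 GET /api/items/1 200",
    "2011-02-08T10:00:05Z user=carol sid=S3 ip=10.0.0.7 GET /api/items/2 200",
    "2011-02-08T10:00:05Z user=carol sid=S3 ip=10.0.0.7 GET /api/items/3 200",
    "2011-02-08T10:00:06Z user=carol sid=S3 ip=10.0.0.7 GET /api/items/4 200",
    "2011-02-08T10:00:06Z user=carol sid=S3 ip=10.0.0.7 GET /api/items/5 200",
    "2011-02-08T10:00:06Z user=carol sid=S3 ip=10.0.0.7 GET /api/items/6 200",
    "2011-02-08T10:00:07Z user=dave sid=S4 ip=10.0.0.3 GET /search?q=%00admin 200",
    "2011-02-08T10:00:08Z user=dave sid=S4 ip=10.0.0.3 GET /files/..%255c..%255cetc 404",
    "2011-02-08T10:00:09Z user=eve sid=S5 ip=10.0.0.8 GET /profile 200",
    "2011-02-08T10:00:10Z user=mallory sid=S5 ip=10.0.0.8 POST /profile 200",
]


def parse_line(line: str) -> dict:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("unparseable log line: %r" % line)
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["status"] = int(rec["status"])
    return rec


def run_sensors(lines):
    """Return a list of (sensor, sid, user, detail) tuples, one per firing."""
    events = []
    sid_user = {}                   # sid -> user first seen on that session
    denials = defaultdict(int)      # sid -> number of 403 responses
    recent = defaultdict(deque)     # sid -> timestamps inside the velocity window
    for rec in map(parse_line, lines):
        sid, user, ts = rec["sid"], rec["user"], rec["ts"]

        # Impersonation: the same session id suddenly carries a different user.
        if sid_user.setdefault(sid, user) != user:
            events.append(("impersonation", sid, user, "session first seen as %s" % sid_user[sid]))

        # Forced browsing: repeated 403s mean URLs are being guessed, not followed.
        if rec["status"] == 403:
            denials[sid] += 1
            if denials[sid] == FORCED_BROWSING_DENIALS:
                events.append(("forced_browsing", sid, user, "%d denied requests" % denials[sid]))

        # Request velocity: fires as the per-session window crosses the limit.
        window = recent[sid]
        window.append(ts)
        while ts - window[0] > VELOCITY_WINDOW:
            window.popleft()
        if len(window) == VELOCITY_MAX_REQUESTS + 1:
            events.append(("request_velocity", sid, user,
                           "%d requests in %ds" % (len(window), VELOCITY_WINDOW.seconds)))

        # Unexpected encodings: tampering that legitimate clients do not produce.
        if BAD_ENCODING_RE.search(rec["path"]):
            events.append(("unexpected_encoding", sid, user, rec["path"]))
    return events


def sessions_to_terminate(events):
    """Response policy (assumption): end a session on impersonation or on any two firings."""
    per_sid = defaultdict(list)
    for sensor, sid, _user, _detail in events:
        per_sid[sid].append(sensor)
    return sorted(sid for sid, fired in per_sid.items()
                  if "impersonation" in fired or len(fired) >= 2)
```

The point of keeping the sensors inside the application rather than in a WAF is visible in the impersonation and forced-browsing cases: both need the session-to-user mapping and the authorization result, which only the application has.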
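The "Protecting against CSRF" session covers crafting, scoping and checking tokens, and flags the Referer header as a red herring. The block below is an added example for this page, not code from the page or from any OWASP project: a token derived from a server secret, scoped to one session and one action, given an expiry, and compared in constant time. The secret, session ids, action names and the one-hour lifetime are assumptions.

```python
# Added example, not code from the page or from any OWASP project: a CSRF token
# crafted from a server secret, scoped to one session and one action, with an
# expiry, and checked in constant time. Secret, session ids, action names and
# the lifetime are assumptions; in a deployment the secret comes from a key store.
import hashlib
import hmac
import os
import time

SERVER_SECRET = os.urandom(32)   # assumption: fresh per process for this illustration
TOKEN_MAX_AGE = 3600             # seconds a token stays valid (assumption)


def craft_token(session_id: str, action: str, issued_at=None) -> str:
    """Token = issued_at '.' HMAC-SHA256(secret, session_id | action | issued_at).
    Binding the MAC to the session stops a token taken from one victim being
    replayed against another; binding it to the action stops a token issued for
    a harmless form being reused on a dangerous one. Nothing needs storing
    server-side, which is what makes this scale across nodes."""
    issued_at = int(time.time()) if issued_at is None else int(issued_at)
    message = "%s|%s|%d" % (session_id, action, issued_at)
    mac = hmac.new(SERVER_SECRET, message.encode(), hashlib.sha256).hexdigest()
    return "%d.%s" % (issued_at, mac)


def check_token(token, session_id: str, action: str, now=None) -> bool:
    """Recompute the expected token for this session and action and compare in
    constant time; reject malformed, expired and future-dated tokens."""
    if not isinstance(token, str) or not token.isascii() or "." not in token:
        return False
    issued_str, _mac = token.split(".", 1)
    if not issued_str.isdigit():
        return False
    issued_at = int(issued_str)
    now = int(time.time()) if now is None else int(now)
    if not 0 <= now - issued_at <= TOKEN_MAX_AGE:
        return False
    expected = craft_token(session_id, action, issued_at)
    return hmac.compare_digest(expected, token)


def handle_state_change(form: dict, session_id: str, action: str, now=None) -> str:
    """Gate for a state-changing POST. The token check is the decision; the
    Referer header is not consulted because browsers and proxies may omit it,
    so its absence proves nothing and its presence is attacker-influenced."""
    if not check_token(form.get("csrf_token"), session_id, action, now=now):
        return "403 forged or stale request"
    return "200 %s performed" % action
```

The token is only as good as the secrecy of the session id it is bound to, so it must travel in the form body or a custom header, never in a URL that can leak through logs or the Referer header it replaces.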
Track 5: <open> | Track 6: <open> | Track 7: <open> | Track 8: OWASP Global Committees

Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes.

Track 8: OWASP Global Committees
  OWASP Projects
  Projects - Assessment Criteria & Orphaned Projects
  Projects - Funding, Marketing, & Commercial Services
  OWASP Connections
  OWASP Chapters
  OWASP Education
  OWASP Conferences
  OWASP Industry
  OWASP Membership