Difference between revisions of "Summit 2011 Schedule"
Sarah Baso (talk | contribs) |
Line 14: | Line 14: | ||
If you're interested in [[:Summit 2011 Working Sessions|adding a Working Session for the 2011 Summit]], there still is time. This list will be finalized a couple of days before the actual Summit, so get in touch with us soon. Contact [mailto:lorna.alamri(at)owasp.org Lorna Alamri] or [mailto:sarah.baso(at)owasp.org Sarah Baso] for more information. <br> <br> Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules. <br> | If you're interested in [[:Summit 2011 Working Sessions|adding a Working Session for the 2011 Summit]], there still is time. This list will be finalized a couple of days before the actual Summit, so get in touch with us soon. Contact [mailto:lorna.alamri(at)owasp.org Lorna Alamri] or [mailto:sarah.baso(at)owasp.org Sarah Baso] for more information. <br> <br> Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules. <br> | ||
− | {| cellpadding="1" border="0" align="center" style="width: | + | {| cellpadding="1" border="0" align="center" style="width:100%" |
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 1: Browser Security''' | | valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 1: Browser Security''' | ||
Line 26: | Line 26: | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS Frameworks|'''Cross-Site Scripting: Frameworks''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS Frameworks|'''Cross-Site Scripting: Frameworks''']] | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions University Outreach|'''University Outreach''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions University Outreach|'''University Outreach''']] | ||
− | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | + | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Applying ESAPI input validation''']] <br> |
+ | *Serial Decomp: Decode, canonicalize, filter<br> | ||
+ | *Structured data (SSN, CC, etc.) <br> | ||
+ | *Unstructured data (comments, blogs, etc.) <br> | ||
+ | *Other input exaples (ws-, database, etc.) <br> | ||
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Sandboxing|'''Browser Security: Sandboxing''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Sandboxing|'''Browser Security: Sandboxing''']] | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS AwarnessResourcesPartnerships|'''Cross-Site Scripting: Awarenes, Resources, and Partnerships''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions XSS AwarnessResourcesPartnerships|'''Cross-Site Scripting: Awarenes, Resources, and Partnerships''']] | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
− | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | + | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Defining AppSensor sensors for:''']] <br> |
+ | *Forced Browsing <br> | ||
+ | *Request Velocity<br> | ||
+ | *Unexpected encodings<br> | ||
+ | *Impersonation (Sudden user switch) <br> | ||
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Securing Plugins|'''Browser Security: Securing Plugins''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Securing Plugins|'''Browser Security: Securing Plugins''']] | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
− | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | + | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Managing Sessions''']] <br> |
+ | *Across requests<br> | ||
+ | *Across containers<br> | ||
+ | *Invalidating sessions (Timeout, attack event, logout)<br> | ||
+ | *Invalidating sessions (across containers, SSO token invalidation, user termination)<br> | ||
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Enduser Warnings|'''Browser Security: Enduser Warnings''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Enduser Warnings|'''Browser Security: Enduser Warnings''']] | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
− | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | + | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting information stored client-side''']] <br> |
+ | *Threat Modeling the problem <br> | ||
+ | *Protecting theft and re-playability of application-specific info (on client & in flight)<br> | ||
+ | *Protecting theft and re-playability of session-specific info (in flight)<br> | ||
+ | *Protecting session-specific information from attack on the client <br> | ||
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Blacklisting|'''Browser Security: Blacklisting''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group Blacklisting|'''Browser Security: Blacklisting''']] | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
− | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | + | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Protecting against CSRF'']] <br> |
+ | *Hygiene: Discuss/show frames-busting, cross-domain policy; Discuss referrer and other red herrings <br> | ||
+ | *Tokens (crafting, scoping, and checking)<br> | ||
+ | *Discussions, techniques on scale<br> | ||
+ | *Discussions, techniquest on CAPTCHA, re-auth, etc. <br> | ||
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group JavaScript|'''Browser Security: JavaScript''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group JavaScript|'''Browser Security: JavaScript''']] | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
− | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | + | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions No Fluff Just Stuff|'''Providing access to persisted data''']] <br> |
+ | *Controlling visibility of tables by role<br> | ||
+ | *Providing access to safe SQL-like query through DAO layer<br> | ||
+ | *Discussions, techniques for providing secure'auto-wiring' / marshaling<br> | ||
+ | *Encoding and canonicalization for storage (or alternatively: Security concerns with heirarchical caching and object pooling) <br> | ||
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group OS Integration|'''Browser Security: OS Integration''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Browser Working Group OS Integration|'''Browser Security: OS Integration''']] | ||
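Review bot: the bold markup in the added CSRF cell is unbalanced: `[[:Working Sessions No Fluff Just Stuff|'''Protecting against CSRF'']]` opens with three quotes and closes with two, which is why the rendered schedule shows the title as 'Protecting against CSRF with a stray leading apostrophe; close it with `'''` like the other cells. Also in this hunk, all four added Track 4 cells link to the same page, Working Sessions No Fluff Just Stuff, while every other track links one page per session, so the "click on the working session name to see more details about that particular session" instruction will not hold for Track 4 unless per-session pages are created. Typos in the added bullets: "exaples", "techniquest", "heirarchical", and the missing space in "secure'auto-wiring'".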
Line 62: | Line 86: | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | | ||
+ | |||
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Enterprise Web Defense|'''Enterprise Web Defense Roundtable''']] | | valign="middle" height="30" bgcolor="#EEEEEE" style="width:25%" | [[:Working Sessions Enterprise Web Defense|'''Enterprise Web Defense Roundtable''']] | ||
Line 106: | Line 131: | ||
− | {| cellpadding="1" border="0" align="center" style="width: | + | {| cellpadding="1" border="0" align="center" style="width:100%" |
|- valign="middle" | |- valign="middle" | ||
| valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 5: <open>''' | | valign="middle" height="30" bgcolor="#CCCCEE" align="center" style="width:25%" | '''Track 5: <open>''' |
Revision as of 00:29, 14 December 2010
Summit 2011 Working Sessions
If you're interested in adding a Working Session for the 2011 Summit, there still is time. This list will be finalized a couple of days before the actual Summit, so get in touch with us soon. Contact Lorna Alamri or Sarah Baso for more information.
Please review the Working Session methodology for Working Session rules.
Track 1: Browser Security | Track 2: Cross-Site Scripting Eradication | Track 3: University Outreach and Education | Track 4: No Fluff, Just Stuff
Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes.
Browser Security | Cross-Site Scripting: Frameworks | University Outreach | Applying ESAPI input validation
    * Serial decomposition: decode, canonicalize, filter
    * Structured data (SSN, CC, etc.)
    * Unstructured data (comments, blogs, etc.)
    * Other input examples (ws-, database, etc.)
Browser Security: Sandboxing | Cross-Site Scripting: Awareness, Resources, and Partnerships | | Defining AppSensor sensors for:
    * Forced browsing
    * Request velocity
    * Unexpected encodings
    * Impersonation (sudden user switch)
Browser Security: Securing Plugins | | | Managing Sessions
    * Across requests
    * Across containers
    * Invalidating sessions (timeout, attack event, logout)
    * Invalidating sessions (across containers, SSO token invalidation, user termination)
Browser Security: Enduser Warnings | | | Protecting information stored client-side
    * Threat modeling the problem
    * Protecting against theft and replay of application-specific info (on the client and in flight)
    * Protecting against theft and replay of session-specific info (in flight)
    * Protecting session-specific information from attack on the client
Browser Security: Blacklisting | | | Protecting against CSRF
    * Hygiene: discuss/show frame-busting and cross-domain policy; discuss referrer and other red herrings
    * Tokens (crafting, scoping, and checking)
    * Discussions and techniques at scale
    * Discussions and techniques on CAPTCHA, re-authentication, etc.
Browser Security: JavaScript | | | Providing access to persisted data
    * Controlling visibility of tables by role
    * Providing access to safe SQL-like queries through a DAO layer
    * Discussions and techniques for providing secure 'auto-wiring' / marshaling
    * Encoding and canonicalization for storage (or alternatively: security concerns with hierarchical caching and object pooling)
Browser Security: OS Integration | | |
Browser Security: New HTTP Headers | | |
Enterprise Web Defense Roundtable | | |
Track notes: | Track notes: | Track notes: | Track notes:
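The first Track 4 session lists "decode, canonicalize, filter" as a serial decomposition of input validation. The following is an added example written for this page, not code from the session or from ESAPI (it does not call ESAPI's Java Validator or Encoder API); it is plain Python so it runs stand-alone. The function names, the SSN and card regexes, the pass limit and the sample inputs are all constructed for the example. It walks the three steps in the stated order for the structured and unstructured input kinds the session names, and treats more than one decoding pass as an attack signal rather than silently accepting doubly encoded data.

```python
"""Serial decomposition of untrusted input: decode, then canonicalize, then
filter against a whitelist, in that order.

Added illustration in plain Python; it does not call ESAPI's Java Validator
or Encoder API. Function names, regexes, thresholds and sample inputs are
constructed for this example.
"""
import html
import re
import unicodedata
from urllib.parse import unquote

MAX_DECODE_PASSES = 3
MAX_COMMENT_LEN = 2000

# Structured data gets a strict whitelist. Unstructured data (comments, blog
# posts) cannot be whitelisted by pattern, so it only gets a length cap and a
# control-character ban here and must be output-encoded when rendered.
SSN_RE = re.compile(r"(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}")
CARD_RE = re.compile(r"\d{13,19}")
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


class ValidationError(ValueError):
    """Input failed the decoding, encoding-hygiene or whitelist step."""


def decode(value: str) -> tuple[str, int]:
    """Strip percent- and HTML-entity encoding until the value stops changing.

    Returns (decoded, passes). One pass is normal for a form field; two or
    more means the client sent doubly encoded data, which browsers never do.
    """
    passes, current = 0, value
    while True:
        decoded = html.unescape(unquote(current))
        if decoded == current:
            return current, passes
        passes, current = passes + 1, decoded
        if passes > MAX_DECODE_PASSES:
            raise ValidationError("no decoding fixed point after %d passes" % passes)


def canonicalize(value: str) -> str:
    """Fold Unicode look-alikes (full-width digits, ligatures) onto their
    compatibility equivalents with NFKC and collapse whitespace, so the
    whitelist regex sees a single canonical form."""
    return " ".join(unicodedata.normalize("NFKC", value).split())


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def filter_value(kind: str, value: str) -> str:
    """Whitelist step. Returns the value in the form that will be stored."""
    if kind == "ssn":
        if not SSN_RE.fullmatch(value):
            raise ValidationError("not a well-formed SSN")
        return value
    if kind == "credit_card":
        digits = value.replace(" ", "").replace("-", "")
        if not CARD_RE.fullmatch(digits) or not luhn_ok(digits):
            raise ValidationError("not a valid card number")
        return digits
    if kind == "comment":
        if len(value) > MAX_COMMENT_LEN or CONTROL_RE.search(value):
            raise ValidationError("comment too long or has control characters")
        return value
    raise ValidationError("unknown input kind %r" % kind)


def validate(kind: str, raw: str) -> str:
    """Run the three steps in order. Filtering before decoding would let
    '%3Cscript%3E' through a '<'-free whitelist; canonicalizing before
    decoding would miss look-alikes that the decoding itself produces."""
    decoded, passes = decode(raw)
    if passes > 1:
        raise ValidationError("unexpected multiple encoding (%d passes)" % passes)
    return filter_value(kind, canonicalize(decoded))


def is_valid(kind: str, raw: str) -> bool:
    """Boolean form of validate() for callers that only need accept/reject."""
    try:
        validate(kind, raw)
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    # Constructed inputs: a URL-encoded SSN typed with full-width digits, a
    # card number with spaces, and a doubly encoded script tag in a comment.
    for kind, raw in (("ssn", "%EF%BC%91%EF%BC%92%EF%BC%93-45-6789"),
                      ("credit_card", "4111 1111 1111 1111"),
                      ("comment", "%253Cscript%253E")):
        try:
            print(kind, "->", repr(validate(kind, raw)))
        except ValidationError as e:
            print(kind, "-> rejected:", e)
```

Note that the comment kind deliberately returns `<b>hi</b>` for a singly encoded `%3Cb%3Ehi%3C%2Fb%3E`: free text has no usable whitelist, so the XSS defence for it is output encoding at render time, not the input filter.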
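The AppSensor session names four detection points: forced browsing, request velocity, unexpected encodings and impersonation (sudden user switch). The following is an added example, written for this page in Python and not the AppSensor project's own code or API; the `Request` record, the event names, the thresholds and the sample traffic are all constructed for the example. It runs the four sensors over a short stream of constructed requests and counts the events each one raises, which is the shape of logic a real deployment would feed into a response policy (log, step-up authentication, lock the account).

```python
"""Four AppSensor-style detection points run over a stream of request records.

Added illustration, not the AppSensor project's code or API. The Request
record, event names, thresholds and the sample traffic are constructed for
this example; a real deployment would also key the velocity sensors by
client IP and would feed the events to a response policy.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from urllib.parse import unquote

PERCENT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


@dataclass
class Request:
    ts: float        # epoch seconds
    user: str        # authenticated principal, "" if anonymous
    session: str     # session cookie value
    path: str
    status: int      # HTTP status the application returned
    query: str = ""  # raw, undecoded query string


class Sensor:
    """Stateful detection points; call observe() once per request."""

    def __init__(self, window=10.0, velocity_limit=20, forced_browse_limit=5):
        self.window = window
        self.velocity_limit = velocity_limit
        self.forced_browse_limit = forced_browse_limit
        self._hits = defaultdict(deque)     # user -> timestamps of requests
        self._misses = defaultdict(deque)   # user -> timestamps of 403/404
        self._session_owner = {}            # session -> first user seen

    def _count_in_window(self, q, ts):
        """Append ts to a sliding window and return how many fall inside it."""
        q.append(ts)
        while q[0] < ts - self.window:
            q.popleft()
        return len(q)

    def observe(self, r: Request) -> list:
        events = []
        # Request velocity: more requests per window than a human produces.
        if self._count_in_window(self._hits[r.user], r.ts) > self.velocity_limit:
            events.append("REQUEST_VELOCITY")
        # Forced browsing: a run of denied or missing resources means the
        # client is guessing URLs rather than following links.
        if r.status in (403, 404) and \
                self._count_in_window(self._misses[r.user], r.ts) > self.forced_browse_limit:
            events.append("FORCED_BROWSING")
        # Unexpected encoding: escapes that survive one decoding pass, or
        # %uXXXX escapes, which no browser generates for form data.
        if PERCENT_ESCAPE.search(unquote(r.query)) or "%u" in r.query.lower():
            events.append("UNEXPECTED_ENCODING")
        # Impersonation: the same session cookie suddenly presents a
        # different authenticated user (stolen or fixated session).
        owner = self._session_owner.get(r.session)
        if r.user:
            if owner and owner != r.user:
                events.append("IMPERSONATION")
            else:
                self._session_owner[r.session] = r.user
        return events


def run_sensors(requests) -> dict:
    """Feed a request list through one Sensor and count events by name."""
    sensor, counts = Sensor(), defaultdict(int)
    for r in requests:
        for ev in sensor.observe(r):
            counts[ev] += 1
    return dict(counts)


def sample_requests() -> list:
    """Constructed traffic: one legitimate user, a URL-guessing attacker who
    then hammers /search, one doubly encoded payload and one stolen cookie."""
    reqs = [Request(0.0, "alice", "s-alice", "/account", 200)]
    reqs += [Request(1.0 + i * 0.5, "mallory", "s-mal", "/admin/page%d" % i, 404)
             for i in range(8)]
    reqs += [Request(6.0 + i * 0.08, "mallory", "s-mal", "/search", 200, "q=test")
             for i in range(25)]
    reqs.append(Request(9.0, "bob", "s-bob", "/search", 200, "q=%253Cscript%253E"))
    reqs.append(Request(10.0, "eve", "s-alice", "/account", 200))
    return reqs


if __name__ == "__main__":
    for name, n in sorted(run_sensors(sample_requests()).items()):
        print("%-20s %d" % (name, n))
```

The impersonation sensor records the first authenticated user seen on a session and never overwrites it, so a later different user on the same cookie is reported on every request rather than once; whether the response is to log, or to invalidate the session outright (the "attack event" case in the Managing Sessions list), is policy layered on top of the sensor.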
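The CSRF session lists "tokens (crafting, scoping, and checking)" and flags the referrer as a red herring. The following is an added example, written for this page and not code from the session or any OWASP project; the function names, the request layout and the secret are constructed for the example. It mints a token as an HMAC over the session id, the protected action and an expiry, so a token is worthless outside the session it was minted for, against any other action, or after it expires, and it checks the submitted token in constant time before a state-changing handler does its work.

```python
"""Anti-CSRF tokens: crafting, scoping and checking.

Added illustration, not code from the working session or any OWASP project.
Names, the request layout and the secret are constructed for this example.
The browser attaches the session cookie to a forged cross-site request on
its own; the token in the form body is the one thing the attacker cannot
supply, so it must be checked before any state changes.
"""
import hashlib
import hmac
import os
import time

SERVER_SECRET = os.urandom(32)  # per-deployment key; rotating it voids all tokens
TOKEN_TTL = 3600                # seconds a minted token stays valid


def _mac(session_id: str, action: str, expires: int) -> str:
    msg = "%s|%s|%d" % (session_id, action, expires)
    return hmac.new(SERVER_SECRET, msg.encode(), hashlib.sha256).hexdigest()


def make_token(session_id: str, action: str, now=None) -> str:
    """Craft a token for one session and one action (e.g. "transfer").

    Scoping to the action limits what a token leaked from one page can be
    replayed against; the expiry bounds the damage from a leaked token.
    """
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    return "%d.%s" % (expires, _mac(session_id, action, expires))


def check_token(token, session_id: str, action: str, now=None) -> bool:
    """Check a submitted token: well-formed, unexpired, and MAC valid for this
    session and action. hmac.compare_digest avoids a timing side channel."""
    if not isinstance(token, str) or "." not in token:
        return False
    expires_s, mac = token.split(".", 1)
    if not expires_s.isdigit():
        return False
    expires = int(expires_s)
    if expires < int(time.time() if now is None else now):
        return False
    return hmac.compare_digest(mac, _mac(session_id, action, expires))


def handle_transfer(request: dict, now=None) -> str:
    """State-changing handler. The session id comes from the cookie the
    browser sends automatically; the token must come from the form body.
    Neither a cookie-borne token nor the Referer header is a substitute:
    the former is sent by the browser on forged requests too, and the
    latter is routinely stripped by proxies and privacy tools."""
    session_id = request["cookies"].get("session", "")
    if not session_id:
        return "401 not logged in"
    if not check_token(request["form"].get("csrf_token"), session_id, "transfer", now):
        return "403 CSRF check failed"
    return "200 transferred %s to %s" % (request["form"]["amount"], request["form"]["to"])


if __name__ == "__main__":
    # Constructed flow: the server renders the transfer form with a token,
    # the user submits it, then an attacker page submits without one.
    sid = "sess-42"
    tok = make_token(sid, "transfer")
    good = {"cookies": {"session": sid},
            "form": {"csrf_token": tok, "amount": "100", "to": "bob"}}
    forged = {"cookies": {"session": sid},
              "form": {"amount": "100", "to": "mallory"}}
    print(handle_transfer(good))
    print(handle_transfer(forged))
    print(check_token(tok, sid, "delete_account"))  # scoped to "transfer": False
```

Tokens cover the forged-request case only; the hygiene items in the same list (frame-busting, a restrictive cross-domain policy) and re-authentication or CAPTCHA for the highest-value actions are separate layers, not alternatives to the token check.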
Track 5: <open> | Track 6: <open> | Track 7: <open> | Track 8: OWASP Global Committees
Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes.
 | | | OWASP Projects
 | | | Projects - Assessment Criteria & Orphaned Projects
 | | | Projects - Funding, Marketing, & Commercial Services
 | | | OWASP Connections
 | | | OWASP Chapters
 | | | OWASP Education
 | | | OWASP Conferences
 | | | OWASP Industry
 | | | OWASP Membership
Track notes: | Track notes: | Track notes: | Track notes: