This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Summit 2011 Schedule
Agenda for Tuesday, February the 8th, 2011 | ||||
0900 - 1000 |
Registration, Meet & Greet | |||
1100 - 1200 |
Board Welcome & Kickoff | |||
1100 - 1200 |
Lunch | |||
1300 - 1320 |
Projects | |||
1330 - 1350 |
Industry | |||
1400 - 1420 |
Membership | |||
1430 - 1450 |
Connections | |||
1500 - 1520 |
Coffee Break | |||
1530 - 1450 |
Chapters | |||
1600 - 1620 |
Education | |||
1630 - 1730 |
TBD | |||
1730 - 1800 |
Wrap up of the Day | |||
1900 - 2100 |
Dinner | |||
2100 - 0000 |
Evening Event TBD |
Agenda for Wednesday, February 9th, 2011 | ||||
|
Working Sessions | |||
0900 - 1100 | Browser Working Group | Projects - Assessment Criteria & Orphaned Projects |
TBD | |
1100 - 1300 | Browser Working Group | TBD |
TBD | |
1300 - 1400 | Lunch | Lunch |
Lunch | |
1330 - 1530 | Browser Working Group | Projects - Funding, Marketing, & Commerical Services |
TBD | |
1530 - 1400 | Coffee Break | Coffee Break |
Coffee Break | |
1400 - 1900 | Browser Working Group | TBD |
TBD | |
1900 - 2100 | Dinner | |||
2100 - 0000 | Evening Event TBD |
Agenda for Thursday, February 10th, 2010 | ||||
|
Main Room | Working Sessions |
Working Sessions | |
0900 - 1100 | |
XSS - Frameworks | TBD | |
1100 - 1300 | |
XSS- Awarness, Resources & Partnerships | TBD | |
1300- 1330 | Lunch | |||
1330 - 1415 | Projects | |||
1415 - 1530 | Memberships | |||
1530 - 1600 | Coffee Break | |||
1600 - 1645 | Chapters | |||
1645- 1730 | Connections | |||
1900 - 2100 | Dinner | |||
2100 - 0000 | Evening Event TBD |
Agenda for Friday, February 11th, 2011 | |||||
0900 - 1000 | Board Presentation | ||||
1000 - 1045 | Industry | ||||
1045 - 1130 | Connections | ||||
1130 - 1215 | Education | ||||
1230 - 1330 | Lunch | ||||
1330 - 1530 | TBD | ||||
1530 - 1700 | Wrap Up Summit |
* Browser Day: One of the great challenges of application security is browser security. The browser is becoming our de facto runtime platform for applications and it comprises a whole ecosystem of plugins and web technologies.Therefore we will spend a full day working together with the leading browser vendors to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and endusers.Do not miss this chance to influence what's important in browser security in the coming years.
* Sandboxing: Is sandboxing the right way forward? Can sandboxing be harmonized with the origin policies for cookies, scripting, and ajax – i e share the same compartmentalization? How should we apply sandboxing to plugins?
* Securing plugins: Should browsers ship with default plugins? Should plugins be auto-updated? Can plugins or versions of plugins be blacklisted centrally?
* Enduser warnings: How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings?
* Blacklisting: Can we cooperate better on blacklisting? Does it work between cultures, i e can we have the same process for reporting throughout the world?
* OS integration: More and more features in browsers get integrated with the underlying operating system. Processes, fonts, filesystem, 3D graphics. How do we secure this?
* JavaScript: How do we secure the universally deployed web application language? Much focus has been on execution performance but what about security? Will EcmaScript 5 strict-mode be supported anytime soon (currently no support)? Are (more) secure "dialects" such as FBJS and Caja the way to go? What's happening in EcmaScript Harmony?
* New HTTP headers: Are new opt-in HTTP headers the right way to add security features? For example Strict Transport Security, x-frame-options, origin and Content Security Policy.