This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Summit 2011 Schedule

From OWASP
Revision as of 20:55, 2 December 2010 by Sarah Baso (talk | contribs)

Jump to: navigation, search


Agenda for Tuesday, February the 8th, 2011
0900 - 1000
Registration, Meet & Greet
1100 - 1200

Board Welcome & Kickoff

1100 - 1200

Lunch

1300 - 1320

Projects

1330 - 1350

Industry

1400 - 1420

Membership

1430 - 1450

Connections

1500 - 1520

Coffee Break

1530 - 1450

Chapters

1600 - 1620

Education

1630 - 1730

TBD

1730 - 1800

Wrap up of the Day

1900 - 2100
Dinner
2100 - 0000

Evening Event TBD


Agenda for Wednesday, February 9th, 2011

Working Sessions
0900 - 1100 Browser Working Group Projects - Assessment Criteria & Orphaned Projects
TBD
1100 - 1300 Browser Working Group TBD
TBD
1300 - 1400 Lunch Lunch
Lunch
1330 - 1530 Browser Working Group Projects - Funding, Marketing, & Commerical Services
TBD
1530 - 1400 Coffee Break Coffee Break
Coffee Break
1400 - 1900 Browser Working Group TBD
TBD
1900 - 2100 Dinner
2100 - 0000 Evening Event TBD


Agenda for Thursday, February 10th, 2010

Main Room Working Sessions
Working Sessions
0900 - 1100
XSS - Frameworks TBD
1100 - 1300
XSS- Awarness, Resources & Partnerships TBD
1300- 1330 Lunch
1330 - 1415 Projects
1415 - 1530 Memberships
1530 - 1600 Coffee Break
1600 - 1645 Chapters
1645- 1730 Connections
1900 - 2100 Dinner
2100 - 0000 Evening Event TBD


Agenda for Friday, February 11th, 2011
0900 - 1000 Board Presentation
1000 - 1045 Industry
1045 - 1130 Connections
1130 - 1215 Education
1230 - 1330 Lunch
1330 - 1530 TBD
1530 - 1700 Wrap Up Summit


Browser Security

  • Browser Day: One of the great challenges of application security is browser security. The browser is becoming our de facto runtime platform for applications and it comprises a whole ecosystem of plugins and web technologies.Therefore we will spend a full day working together with the leading browser vendors to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and endusers.Do not miss this chance to influence what's important in browser security in the coming years.

* Sandboxing: Is sandboxing the right way forward? Can sandboxing be harmonized with the origin policies for cookies, scripting, and ajax – i e share the same compartmentalization? How should we apply sandboxing to plugins?
* Securing plugins: Should browsers ship with default plugins? Should plugins be auto-updated? Can plugins or versions of plugins be blacklisted centrally?
* Enduser warnings: How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings?
* Blacklisting: Can we cooperate better on blacklisting? Does it work between cultures, i e can we have the same process for reporting throughout the world?
* OS integration: More and more features in browsers get integrated with the underlying operating system. Processes, fonts, filesystem, 3D graphics. How do we secure this?
* JavaScript: How do we secure the universally deployed web application language? Much focus has been on execution performance but what about security? Will EcmaScript 5 strict-mode be supported anytime soon (currently no support)? Are (more) secure "dialects" such as FBJS and Caja the way to go? What's happening in EcmaScript Harmony?
* New HTTP headers: Are new opt-in HTTP headers the right way to add security features? For example Strict Transport Security, x-frame-options, origin and Content Security Policy.

XSS Eradication

We will have a half day working session on Cross Site Scripting - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources and made available to the wider community, and that they are aware of them.

Enterprise Web Defense Roundtable

How are enterprises defending web applications. Discussion of best practices, effective methods, and new ideas to enhance web application defense. (Session Leader: Michael Coates, Mozilla)

University Outreach

This summit will be the place to bring OWASP Educational Supporters together! What security major and minor educations are out there? How can OWASP participate and influence their curricula? How can the relationship between Universities and OWASP be standardized? What does OWASP have to offer Universities and what can they, in turn, expect from each other?

OWASP Projects

We will have a session on how OWASP should support, grow, and manage projects. This includes:
-Assessment criteria
-Orphaned projects
-Funding
-Marketing
-Commercial services