Difference between revisions of "Working Sessions Browser Working Group"

Revision as of 20:59, 6 December 2010

Global Summit 2011 Home Page
Global Summit 2011 Schedule
Global Summit 2011 Working Sessions

Working Sessions Operational Rules - Please see here the general frame of rules.

WORKING SESSION IDENTIFICATION
Work Session Name	Browser Working Group
Short Work Session Description	One of the great challenges of application security is browser security. The browser is becoming our de facto runtime platform for applications and it comprises a whole ecosystem of plug-ins and web technologies. Therefore we will spend a full day working together with the leading browser vendors to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and end-users. Do not miss this chance to influence what's important in browser security in the coming years.
Related Projects (if any)	Sandboxing, Securing Plugins, Enduser Warnings, Blacklisting, OS Integration, JavaScript, New HTTP Headers
Email Contacts & Roles	Chair	Secretary	Mailing list Subscription Page

WORKING SESSION SPECIFICS
Objectives	Discuss how to enhance enduser security in web applications, Discuss browser-based countermeasures against XSS, CSRF, man-in-the-middle, man-in-the-browser and full remote access exploits.
Venue/Date&Time/Model	Venue OWASP Global Summit Portugal 2011	Date&Time	Discussion Model "Open Space, demo-driven discussion, round-table discussions (i e not a PowerPoint race)"

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, post-it notes, power

WORKING SESSION ADDITIONAL DETAILS
Related resources: OWASP Working Session - Browser Security Letters Browser vendors invited:Apple, Google, Microsoft, Mozilla, Opera

WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions	Proposed by Working Group	Approved by OWASP Board
	Enhanced cooperation between browser vendors.	After the Board Meeting - fill in here.
	Identify points-of-contact for frameworks.	After the Board Meeting - fill in here.

Working Session Participants

Working Session Participants
	Name	Company	Notes & reason for participating, issues to be discussed/addressed
view edit	John Wilander @	Omegapoint	Session Leader
view edit	Michael Coates @	Mozilla

@@ Line 33: / Line 33: @@
 | align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Objectives'''
 | align="left" colspan="6" style="width: 85%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <font color="black"></font><font color="black"></font><font color="black">
-#Discuss gaps and patterns in gaps in security coverage across frameworks,
+#Discuss how to enhance enduser security in web applications,
-#Discuss possible solutions for security areas.</font>
+#Discuss browser-based countermeasures against XSS, CSRF, man-in-the-middle, man-in-the-browser and full remote access exploits.</font>
 |-
@@ Line 42: / Line 42: @@
 '''Date&amp;Time'''
-| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Discussion Model'''<br>"Participants + Attendees"
+| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Discussion Model'''<br>"Open Space, demo-driven discussion, round-table discussions (i e not a PowerPoint race)"
 |}
@@ Line 54: / Line 54: @@
 ! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | <font color="white">'''WORKING SESSION OPERATIONAL RESOURCES'''</font>
 |-
-| align="center" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | Projector, whiteboards, markers, Internet connectivity, power
+| align="center" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | Projector, whiteboards, markers, Internet connectivity, post-it notes, power
 |}
@@ Line 68: / Line 68: @@
 | align="left" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" |
 *'''Related resources:''' [[OWASP Working Session - Browser Security Letters]]
-*'''Frameworks to invite:''' .NET, J2EE, Spring, Struts, ASP.NET MVC, RoR, PHP, etc.
+*'''Browser vendors invited:'''Apple, Google, Microsoft, Mozilla, Opera
-**10 Oct: "Open Letter to Frameworks (version for open mailing lists)" sent to
-***Ruby-on-Rails Core mailing list
-***Springnet Developer mailing list
-***Struts Dev mailing list
 |}
@@ Line 85: / Line 81: @@
 |-
 | align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
-| align="center" style="width: 46%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Actionable advice for each individual frameworks.
+| align="center" style="width: 46%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Enhanced cooperation between browser vendors.
 | align="center" style="width: 47%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | After the Board Meeting - fill in here.
 |-
@@ Line 96: / Line 92: @@
 {{:Template:Summit 2011 Working Sessions Attendee/Columns}}
-{{:Summit_2011_Attendee/Attendee110 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
+{{:Summit_2011_Attendee/Attendee024 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
-{{:Summit_2011_Attendee/Attendee110 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
+{{:Summit_2011_Attendee/Attendee010 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
-{{:Summit_2011_Attendee/Attendee110 | Summit 2011 Working Sessions Attendee/Rows_Browser_Security}}
 |}

Difference between revisions of "Working Sessions Browser Working Group"

Revision as of 20:59, 6 December 2010

Working Session Participants

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools