Summit 2011 Working Sessions/Session002

{{Template: {{{1}}} Summit 2011 Working Sessions test tab


 * summit_session_attendee_name1 = John Wilander
 * summit_session_attendee_email1 = john.wilander@owasp.org
 * summit_session_attendee_username1 = John.wilander
 * summit_session_attendee_company1=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=


 * summit_session_attendee_name2 = Michael Coates
 * summit_session_attendee_email2 = Michael.Coates@owasp.org
 * summit_session_attendee_username2 = MichaelCoates
 * summit_session_attendee_company2=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=


 * summit_session_attendee_name3 = Colin Watson
 * summit_session_attendee_email3 = colin.watson@owasp.org
 * summit_session_attendee_username3 = Clerkendweller
 * summit_session_attendee_company3=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=


 * summit_session_attendee_name4 = Stefano Di Paola
 * summit_session_attendee_email4 =
 * summit_session_attendee_username4 =
 * summit_session_attendee_company4=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=


 * summit_session_attendee_name5 = Isaac Dawson
 * summit_session_attendee_email5 =
 * summit_session_attendee_username5 =
 * summit_session_attendee_company5= Veracode
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=


 * summit_session_attendee_name6 = Chris Eng
 * summit_session_attendee_email6 = ceng@veracode.com
 * summit_session_attendee_username6=
 * summit_session_attendee_company6= Veracode
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=


 * summit_session_attendee_name7 = Nishi Kumar
 * summit_session_attendee_email7 = nishi.kumar@owasp.org
 * summit_session_attendee_username7=
 * summit_session_attendee_company7= FIS
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=



 * summit_track_logo = [[Image:T._browser_security.jpg]]
 * summit_ws_logo = [[Image:WS._browser_security.jpg]]
 * summit_session_name = HTML5 Security
 * summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002
 * mailing_list = https://groups.google.com/group/owasp-summit-browsersec


 * short_working_session_description=


 * related_project_name1 = Browser Security Track - main page
 * related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track


 * related_project_name2 = Google Group for the Browser Security Track
 * related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec





 * summit_session_objective_name1= Handle autofocus in a unified and secure way. Make sure the same-origin policy (SOP) applies to autofocus usage in framed/iframed websites. Re-discuss the necessity for (future) attributes like this.


 * summit_session_objective_name2 = Discuss the necessity and capabilities of the HTML5 form controls. Do we need a formaction attribute that is not bound by the SOP, and why?


 * summit_session_objective_name3 = Goal I: Initiate and create documentation and references for developers that address security issues. Html5sec.org is a start, but it is impossible to continue or extend it on a large scale without vendor help.


 * summit_session_objective_name4 = Goal II: Discuss and heavily restrict SVG capabilities, especially when SVG is deployed in CSS backgrounds and tags. Mainly Opera and Mozilla are addressed here.


 * summit_session_objective_name5 = Long Term Goal(s): Provide working, easy-to-use and vendor-supported HTML5-compliant filter software such as HTMLPurifier. Browser vendors should participate in creating security software and filters, not undermine them as we have experienced over the last decade.


 * working_session_date_and_time = Tuesday, 09 February Time: TBA




 * discussion_model = The working form will most probably be short presentations to frame the topic, followed by round table discussions. Depending on the number of attendees we'll break into groups.




 * operational_resources = Projector, whiteboards, markers, Internet connectivity, power




 * working_session_additional_details =

Co-chair Mario Heiderich
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and the security implications of the ES5 specification draft. Mario initiated the HTML5 security cheat-sheet and maintains the PHPIDS filter rules. In his spare time he delivers training and security consultancy for larger German and international companies. He is also one of the co-authors of Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' – a book on how an attacker would bypass different types of security controls including IDS/IPS.

Co-chair Gareth Heyes
Gareth "Gaz" Heyes calls himself Chief Conspiracy Theorist and is affiliated with Microsoft. He is the designer and developer behind JSReg – a JavaScript sandbox which converts code using regular expressions – and HTMLReg & CSSReg – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' – a book on how an attacker would bypass different types of security controls including IDS/IPS.




 * summit_session_deliverable_name1 = Browser Security Report
 * summit_session_deliverable_url_1 =


 * summit_session_deliverable_name2 = Browser Security Priority Report
 * summit_session_deliverable_url_2 =





 * summit_session_leader_name1 = Mario Heiderich
 * summit_session_leader_email1 =
 * summit_session_leader_username1 =


 * summit_session_leader_name2 = Gareth Heyes
 * summit_session_leader_email2 = gazheyes@gmail.com
 * summit_session_leader_username2 = Gareth Heyes





 * operational_leader_name1 = John Wilander
 * operational_leader_email1 = john.wilander@owasp.org
 * operational_leader_username1 = John.wilander

}}
 * meeting_notes =
 * session_name_mask = Session002
 * session_home_page = Summit_2011_Working_Sessions/Session002