Summit 2011 Working Sessions/Session003

{{Template: {{{1}}} Summit 2011 Working Sessions test tab


 * summit_session_attendee_name1 = John Wilander
 * summit_session_attendee_email1 = john.wilander@owasp.org
 * summit_session_attendee_company1=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=


 * summit_session_attendee_name2 = Michael Coates
 * summit_session_attendee_email2 =
 * summit_session_attendee_company2=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=


 * summit_session_attendee_name3 = Colin Watson
 * summit_session_attendee_email3 =
 * summit_session_attendee_company3=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=


 * summit_session_attendee_name4 = Stefano Di Paola
 * summit_session_attendee_email4 =
 * summit_session_attendee_company4=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=


 * summit_session_attendee_name5 =
 * summit_session_attendee_email5 =
 * summit_session_attendee_company5=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=


 * summit_session_attendee_name6 =
 * summit_session_attendee_email6 =
 * summit_session_attendee_company6=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=


 * summit_session_attendee_name7 =
 * summit_session_attendee_email7 =
 * summit_session_attendee_company7=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=


 * summit_session_attendee_name8 =
 * summit_session_attendee_email8 =
 * summit_session_attendee_company8=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=


 * summit_session_attendee_name9 =
 * summit_session_attendee_email9 =
 * summit_session_attendee_company9=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=


 * summit_session_attendee_name10 =
 * summit_session_attendee_email10 =
 * summit_session_attendee_company10=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=


 * summit_session_attendee_name11 =
 * summit_session_attendee_email11 =
 * summit_session_attendee_company11=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=


 * summit_session_attendee_name12 =
 * summit_session_attendee_email12 =
 * summit_session_attendee_company12=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=


 * summit_session_attendee_name13 =
 * summit_session_attendee_email13 =
 * summit_session_attendee_company13=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=


 * summit_session_attendee_name14 =
 * summit_session_attendee_email14 =
 * summit_session_attendee_company14=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=


 * summit_session_attendee_name15 =
 * summit_session_attendee_email15 =
 * summit_session_attendee_company15=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=


 * summit_session_attendee_name16 =
 * summit_session_attendee_email16 =
 * summit_session_attendee_company16=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=


 * summit_session_attendee_name17 =
 * summit_session_attendee_email17 =
 * summit_session_attendee_company17=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=


 * summit_session_attendee_name18 =
 * summit_session_attendee_email18 =
 * summit_session_attendee_company18=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=


 * summit_session_attendee_name19 =
 * summit_session_attendee_email19 =
 * summit_session_attendee_company19=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=


 * summit_session_attendee_name20 =
 * summit_session_attendee_email20 =
 * summit_session_attendee_company20=
 * summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=


 * summit_track_logo = [[Image:T._browser_security.jpg]]
 * summit_ws_logo = [[Image:WS._browser_security.jpg]]
 * summit_session_name = EcmaScript 5 Security
 * summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session003
 * mailing_list = https://groups.google.com/group/owasp-summit-browsersec
 * mailing_list = https://groups.google.com/group/owasp-summit-browsersec


 * short_working_session_description=


 * related_project_name1 = Browser Security Track - main page
 * related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track


 * related_project_name2 = Google Group for the Browser Security Track
 * related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec


 * related_project_name3 =
 * related_project_url_3 =


 * related_project_name4 =
 * related_project_url_4 =


 * related_project_name5 =
 * related_project_url_5 =




 * summit_session_objective_name1= Fix the problems with Object.defineProperty and property unsealing / double-freezing. Implement it if not yet done.


 * summit_session_objective_name2 = Goal I: Raise awareness for the power or object freezing in a security context. ES5 can really make a change here.


 * summit_session_objective_name3 = Goal II: Raise awareness in seeing the DOM as the place where XSS attacks actually take place - and where they should be prevented. CSP is a great yet still immature start - but worth discussing and extending. Discuss specification drafts for a secure DOM and easy to configure capability profiles with reasonable and quantitative proofs of concept.


 * summit_session_objective_name4 = Long Term Goal: Discuss the possibility of vendor supported client side security mechanisms. Client side IDS/IPS based on ES5 can be possible - yet have to be designed and specified.


 * summit_session_objective_name5 =


 * working_session_date_and_time = Tuesday, 09 February Time: TBA




 * discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.




 * operational_resources = Projector, whiteboards, markers, Internet connectivity, power




 * working_session_additional_details =

Co-chair Mario Heiderich
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the HTML5 security cheat-sheet and maintains the PHPIDS filter rules. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' – a book on how an attacker would bypass different types of security controls including IDS/IPS.

Co-chair 2
To be confirmed.




 * summit_session_deliverable_name1 = Browser Security Report


 * summit_session_deliverable_name2 = Browser Security Priority List


 * summit_session_deliverable_name3 =


 * summit_session_deliverable_name4 =


 * summit_session_deliverable_name5 =


 * summit_session_deliverable_name6 =


 * summit_session_deliverable_name7 =


 * summit_session_deliverable_name8 =




 * summit_session_leader_name1 = Mario Heiderich
 * summit_session_leader_email1 =


 * summit_session_leader_name2 = TBC
 * summit_session_leader_email2 =


 * summit_session_leader_name3 =
 * summit_session_leader_email3 =




 * operational_leader_name1 = John Wilander
 * operational_leader_email1 = john.wilander@owasp.org

}}
 * meeting_notes =
 * session_name_mask = Session003
 * session_home_page = Summit_2011_Working_Sessions/Session003
 * session_name_mask = Session003
 * session_home_page = Summit_2011_Working_Sessions/Session003