ISWG Status 200811

Revision as of 14:48, 16 December 2008 by Arshan (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The goals for November included publishing the working documents initially produced during the OWASP EU Summit working group sessions. Unfortunately, I was too busy this quarter to find the time to make those materials ready for public consumption. This is a priority goal for the December/January time period.

Another goal of the month of November was to clear up the group charter. After some thought, I think the charter of the group should be to:

1. Contribute our security knowledge towards standards organizations
2. Act as a consumer awareness group for web application frameworks security mechanisms and browser security features
3. Serve as a platform for OWASP members who want to affect change at any of the building blocks in today's or tomorrow's web applications

It's simple and limited, and I think that's all that we can really expect. Realistically, the browsers all have strong security teams dealing with today's problems, and I think there's a niche for OWASP to fill in looking at the future for them and the community.

Also, in November a discussion on the board between members led to the creation of a Google group aiming to create an HTTPOnly standard for browser makers to follow. We are now as a group making a first cut at a standard after some deliberation, and have been in discussion with some browser vendors for feedback. This is an extremely positive and global effect.

Finally, in November I participated in the ESAPI as a representative of the ISWG.

The goals of December/January include:

  • Formalizing the documents from the EU Summit and publish them
  • Follow up with HTTPOnly work