Difference between revisions of "OWASP Working Session - Browser Security"

From OWASP
Jump to: navigation, search
Line 13: Line 13:
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''  
 
  | colspan="6" style="width:85%; background:#cccccc" align="left"|
 
  | colspan="6" style="width:85%; background:#cccccc" align="left"|
OWASP Working Group - Browser Security
+
OWASP ISWG = OWASP Intrinsic Security Working Group
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
 
  | style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:arshan.dabirsiaghi(at)aspectsecurity.com '''Arshan Dabirsiaghi''']  
 
  | style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:arshan.dabirsiaghi(at)aspectsecurity.com '''Arshan Dabirsiaghi''']  
 
  | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:name(at)name '''TBD''']
 
  | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:name(at)name '''TBD''']
  | style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-education '''Subscription Page''']
+
  | style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-browser-security-wg '''Subscription Page''']
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 25: Line 25:
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
 
  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">
 
  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">
* How to improve knowledge transfer from OWASP projects towards the community,
+
* Discuss ongoing HTML5 security research,
* How to create training material (lessons, classes, courses) from OWASP project material?
+
* Discuss further ramifications of HTML5 (cross-site XHR, Access-Control, client storage, etc.),
* How to set up an OWASP education baseline,
+
* Take a look at security critical areas and discuss possible browser improvements.
* How to setup an OWASP Boot Camp,
+
* How to connect to organisation to promote OWASP education content: e.g. universities, other non-profit (or profit?) education organisations,
+
* How to organize the OWASP / Conference trainings to make them the best in the world?
+
* Can we integrate this into OWASP certification projects?
+
* How to setup an OWASP Boot Camp?
+
* How to create lessons, classes, courses from OWASP project material?
+
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
 
  | style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]  
 
  | style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]  
  | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5, 2008 <br>Time TBD
+
  | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 4 & 7, 2008 <br>Time TBD
  | style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Everybody is a Participant"
+
  | style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>TBD<br>"Everybody is a Participant" or "Participants + Attendees"
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 55: Line 49:
 
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS'''  
 
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS'''  
 
  |-
 
  |-
  | style="width:100%; background:#cccccc" align="left"|There is plenty of knowledge available inside the OWASP community. This is spread via the OWASP AppSec Conferences and the local chapter meetings, not to forget the books available now. Another, very important way to distribute the available knowledge is to teach! In plenty presentations knowledge is put into slides to share it. The next step is to reuse the information of those presentations and create training material. In a Boot Camp for example, it's not only about telling how to break stuff, but let the attendees break it themselves. Also let them fix the problems, with guidance of the experienced!
+
  | style="width:100%; background:#cccccc" align="left"|Browsers to invite: IE, FF, Safari, Opera and Chrome.
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 65: Line 59:
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Educational Support on Winter of Code 2008.  
+
  | style="width:46%; background:#C2C2C2" align="center"|OWASP Top 10 Browser Wishlist.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Guildeline about creating training material.  
+
  | style="width:46%; background:#C2C2C2" align="center"|Actionable advice and technical arguments for HTML5 feature set.
 +
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
 +
|-
 +
| style="width:7%; background:#7B8ABD" align="center"|
 +
| style="width:46%; background:#C2C2C2" align="center"|Establish OWASP points-of-contact for W3C.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |-
 
  |-
Line 75: Line 73:
 
  | style="width:46%; background:#C2C2C2" align="center"|Fill in here.
 
  | style="width:46%; background:#C2C2C2" align="center"|Fill in here.
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
  |}
+
|}
 
== Working Session Participants ==
 
== Working Session Participants ==
 
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
 
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)

Revision as of 06:39, 5 October 2008

Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Work Session Name Browser Security
Short Work Session Description TBD
Related Projects (if any)

OWASP ISWG = OWASP Intrinsic Security Working Group

Email Contacts & Roles Chair
Arshan Dabirsiaghi
Secretary
TBD
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  • Discuss ongoing HTML5 security research,
  • Discuss further ramifications of HTML5 (cross-site XHR, Access-Control, client storage, etc.),
  • Take a look at security critical areas and discuss possible browser improvements.
Venue/Date&Time/Model Venue
OWASP EU Summit Portugal 2008
Date&Time
November 4 & 7, 2008
Time TBD
Discussion Model
TBD
"Everybody is a Participant" or "Participants + Attendees"
WORKING SESSION OPERATIONAL RESOURCES
Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
WORKING SESSION ADDITIONAL DETAILS
Browsers to invite: IE, FF, Safari, Opera and Chrome.
WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions Proposed by Working Group Approved by OWASP Board
OWASP Top 10 Browser Wishlist. After the Board Meeting - fill in here.
Actionable advice and technical arguments for HTML5 feature set. After the Board Meeting - fill in here.
Establish OWASP points-of-contact for W3C. After the Board Meeting - fill in here.
Fill in here. After the Board Meeting - fill in here.

Working Session Participants

(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
1
2
3
4
5
6
7
8
9
10

If needed add here more lines.