[owasp-intrinsic-security] Google's Browser Security Handbook

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Wed Dec 17 12:02:41 EST 2008

Thanks for starting this conversation! I've been going through it -
there is no equivalent body of knowledge in browser security. Before I
start my response, let me show you the charter for the ISWG as sent to
the OWASP board this week:

1. Contribute OWASP's security knowledge to standards organizations
2. Act as a consumer awareness group for web application frameworks
security and browser security
3. Serve as a platform for OWASP members who want to effect change at
any of the building blocks in today's or tomorrow's web applications

I'm really happy they published this research because it means we don't
have to do it. It also profoundly impacts our charter. Using that
information, we can abstract, after consensus, high-level capabilities
of browsers (like in the spreadsheet we worked on) and use that to allow
consumers to make smart choices when looking at browser security.

During the few months I've been leading up this effort, I've realized
that the browser vendors have good security teams that are trying to
tackle today's problems. So, the niche that needs to be filled is the
"forward looking good guys". Hopefully, ISWG can do that. We can also do
some of the other community support stuff too, like our current work on
the HTTPOnly spec.


-----Original Message-----
From: owasp-intrinsic-security-bounces at lists.owasp.org
[mailto:owasp-intrinsic-security-bounces at lists.owasp.org] On Behalf Of
Alex Smolen
Sent: Wednesday, December 17, 2008 11:43 AM
To: owasp-intrinsic-security at lists.owasp.org
Subject: [owasp-intrinsic-security] Google's Browser Security Handbook

Just stumbled across this - these Google guys seem to know what
they're doing :)

Browser Security Handbook
