[Owasp-leaders] Fwd: Updates on the HTML5 Security Cheat Sheet

Jim Manico jim.manico at owasp.org
Mon Sep 3 13:09:39 UTC 2012


Juan Galiana has been making quite a few significant modifications to 
the HTML5 Cheat Sheet. This makes me very happy.

For those of you who are HTML5 subject matter experts, please review 
the latest changes:

https://www.owasp.org/index.php?title=HTML5_Security_Cheat_Sheet&action=historysubmit&diff=135199&oldid=132783

... or just check out ...

https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

This is why I am so passionate about this series. Unlike a giant book that 
is updated every 3-5 years (at best) the cheat sheet series will 
constantly evolve in real time providing consumable bits of information 
that are kept up to date. I still think all of the major guides are 
critical and I am thrilled to see activity in those areas (testing, 
secure dev, code review).

Thank you Juan! Keep cheating! ;)

Aloha,
Jim Manico
OWASP Volunteer


-------- Original Message --------
Subject: 	Updates on the HTML5 Security Cheat Sheet
Date: 	Mon, 03 Sep 2012 12:55:24 +0100
From: 	Juan Galiana <jgaliana at owasp.org>
To: 	mark.roxberry at owasp.org, krzysztof at kotowicz.net, will at cltnc.us, 
shreeraj.shah at blueinfy.net, Jim Manico <jim.manico at owasp.org>



Hi guys,

I've been doing some updates to the HTML5 Security Cheat Sheet[1]; in
particular, I've reorganised the topics a bit, added some more content
and created a few sections.
One of the last sections I've added was a brief HTTP Headers section
which, even though it is not part of the HTML5 standard, is the way to deploy
some new security protections and send them to the browser where the
policies are enforced. Feel free to comment on this or change what you
consider. My plan is to keep this updated, so even though the Cheat Sheet is
in a stable status, I'll be adding some more content on an ongoing basis.

Also, I'm going to give a talk about this topic at the upcoming AppSec
Ireland this Thursday to spread the word. Here are the slides in case
you want to have a look. (Note the slide deck is not public yet)

http://vps16610.ovh.net/cf059ba85273c372a44353fcb307689f/AppSec_Ireland_2012_HTML5_Security_Cheat_Sheet.pdf


I'd love to hear some feedback from you.


@Jim: I've seen you are coming to Dublin, so see you in AppSec! :)

All the best,

[1] https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

- -- 
Juan Galiana



