[Owasp-leaders] Fwd: Updates on the HTML5 Security Cheat Sheet

Mon Sep 3 13:24:30 UTC 2012

+1 thanks to Juan,
I was really looking for something like this myself!
Will try to contribute.
-Abbas

______________________________________________________________
Notice: This message is digitally signed, this means that its source and integrity are verifiable.Certain mail clients would automatically verify this email and present a "signed and sealed" sign, but others might just provide  a downloadable file (smime.p7s), which includes the X.509 certificate and the signature body.
In this case, you can either ignore it or manually verify it. Read more on this at Certified E-Mail with Comodo and Thunderbird at AbiusX.com

On ۱۳ شهریور ۱۳۹۱, at ۱۷:۳۹, Jim Manico <jim.manico at owasp.org> wrote:

> Juan Galiana has been making quite a few significant modifications to the HTML5 Cheat Sheet. This makes me very happy.
> 
> For those of your who are HTML5 subject matter experts, please review the latest changes:
> 
> https://www.owasp.org/index.php?title=HTML5_Security_Cheat_Sheet&action=historysubmit&diff=135199&oldid=132783
> 
> ... or just check out ...
> 
> https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
> 
> This why I am so passionate about this series. Unlike a giant book that is updated every 3-5 years (at best) the cheat sheet series will constantly evolve in real time providing consumable bits of information that are kept up to date. I still think all of the major guides are critical and I am thrilled to see activity in those areas (testing, secure dev, code review).
> 
> Thank you Juan! Keep cheating! ;)
> 
> Aloha,
> Jim Manico
> OWASP Volunteer
> 
> 
> -------- Original Message --------
> Subject:	Updates on the HTML5 Security Cheat Sheet
> Date:	Mon, 03 Sep 2012 12:55:24 +0100
> From:	Juan Galiana <jgaliana at owasp.org>
> To:	mark.roxberry at owasp.org, krzysztof at kotowicz.net, will at cltnc.us, shreeraj.shah at blueinfy.net, Jim Manico <jim.manico at owasp.org>
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi guys,
> 
> I've been doing some updates to the HTML5 Security Cheat Sheet[1], in
> particular I've reorganised a bit the topics, added some more content
> and created few sections.
> One of the last sections I've added was a brief HTTP Headers section,
> that even though is not part of the HTML5 standard, is the way to deploy
> some new security protections and send them to the browser where the
> policies are enforced. Feel free to comment on this or change what you
> consider. My plan is to keep this updated, so even the Cheat Sheet is an
> stable status, I'll be adding some more content in an ongoing basis.
> 
> Also, I'm going to give a talk about this topic on the upcoming AppSec
> Ireland this Thursday to spread the word. Here are the slides in case
> you want to have a look. (Note the slide deck is not public yet)
> 
> http://vps16610.ovh.net/cf059ba85273c372a44353fcb307689f/AppSec_Ireland_2012_HTML5_Security_Cheat_Sheet.pdf
> 
> 
> I'd love to hear some feedback from you.
> 
> 
> @Jim: I've seen you are coming to Dublin, so see you in AppSec! :)
> 
> All the best,
> 
> [1] https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
> 
> - -- 
> Juan Galiana
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (Darwin)
> 
> iQIcBAEBAgAGBQJQRJqsAAoJEBxa26374/HXf/IP/j1OFwFXDiEZ1HLvjeuKp3n3
> UF1fvaxbnFrE5AWpRQlxThnVsjOoUvvQsuYLPi9qDXv+u19+FvThQvylWuTBAeDh
> bvzYAHSKx9ss32jelY+5asR1ZKvVhtUbyCtxmFAb8x2EtfnXdP6wCPeQPyHUaVbF
> lIkUH6vEEDDsaCvRtV2SfTIjsY0r2icZS/geYdzirxyg6D8ZWawLBGJDhQOoLAhu
> AueVKSNZXDqpW5yglNCLmqnii0dM8UzIGO3r/5rS5LvqW0ZVK3vbmiZ406j4WAg/
> LXj+Y0Nvz0H9fVl8HyJOfGZ/eX35bLV0KtEiOFCl51NRznC1zowkVWmRDl7L+sri
> B/UdDILBZB1DpZTyS0SuLcbaW97QiSk6ALHUWLzQebhxaw/Es6NkQmkYwYBwxd6D
> N//EUoZkMqorqzh9WBH3/Jqyn/iqZotQw4HBGJJQ8C7ynjxsL+et8GA/IEwnoFjZ
> iW6v/Ax7kjV+pxu6LWhfFtEinD66kcnbX/47QYIIBYALBObde4S6GJtipetWxfzz
> 25cdWlBOnt781SCryP85ymCUB5WlEjkyAwe0IhOH1WNyF/I0Tak0qnMOKo8CmLap
> CQ9aw9oDTjz8DOdvEBCvlQPzcJ+QKHMyJ8WlfeKLvqq1xAO9jS/AaOBmtdhu5uTy
> Qkp/JeSKmEG5QsspI3pW
> =K6Lh
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120903/9ad3c4a5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4889 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120903/9ad3c4a5/attachment-0001.bin>