[Owasp-portland] What are you more interested in learning about?

Wil Clouser clouserw at gmail.com
Wed May 5 12:05:42 EDT 2010


I like your ideas.  Some more off the top of my head:

- HTML 5 vulnerabilities and/or surface area.  Video/Audio/Canvas
aside, seems like there is room for some discussion about data
attributes, local storage, offline apps, geolocation, etc.

- Pros and Cons of CSP (https://wiki.mozilla.org/Security/CSP)

- Threats and exploits using Unicode.  The O'Reilly book on Unicode is
700 pages long and I think I've met 2 people in my life that fully
understand Unicode and encoding.  This area seems ripe for abuse.

- Logging best practices, both in the app and on the backend
(aggregation, storage, analysis)

- Vulnerabilities we can expect due to the rise of mobile devices.
I'm not sure there is a presentation here, but something to think
about:  alternate views of data for the small screens, alternate
routes onto a network, complete trust in app stores, etc.

Wil

On Wed, May 5, 2010 at 8:32 AM, Timothy D. Morgan
<tmorgan-owasp at vsecurity.com> wrote:
>
> I'd like to give more OWASP talks, but I'm not sure what folks are
> most interested in.  Here are a few ideas I had:
>
> Breaking Cryptography in Practice
>
> This would cover how cryptography is commonly used in custom
> applications, what mistakes are often made and how to exploit these
> conditions.
>
>
>
> Why You Should Place All of Your Websites Under HTTPS
>
> Here I would cover two serious recent threats to web security:
> HTML/HTTP/SSL downgrade attacks (a.k.a. sslstrip attacks) and DNS
> rebinding.
>
>
>
> Short Series on Browser Security
>
> I thought it might be fun to give a series of short talks (read: with
> few slides/materials) on browser security which would cover some or
> all of the following topics:
>
> - Same-origin policy (SOP) basics
>
> - Cross-site scripting (a.k.a. A decade of SOP bypass)
>
> - Cross-site request forgery (a.k.a. how SOP is broken to begin with)
>
> - DNS rebinding (a.k.a. Not your Momma's SOP bypass)
>
> - Click-jacking (a.k.a. the GUI is not your friend)
>
> - Overview of attacks on browsers
>
> - Writing secure Java Web Start applications
>
>
>
> Let me know what you're most interested in and I'll try to get a few
> presentations put together.
>
> Cheers,
> tim
> _______________________________________________
> Owasp-portland mailing list
> Owasp-portland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-portland
>
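Editor's note, illustrating the "threats and exploits using Unicode" item in Wil's list. This is an added example, not code from either poster: it shows how a blocklist filter that runs before the application normalizes (NFKC) or case-folds its input can be bypassed, because the dangerous characters only appear after the transformation. The filter, the downstream transform and the payloads are all constructed for illustration; the only facts relied on are that U+FF1C/U+FF1E (fullwidth angle brackets) normalize to "<" and ">" under NFKC, and that U+017F (long s) upper-cases to "S".

```javascript
// Added example (not from the thread). Naive filter-then-normalize ordering
// lets Unicode compatibility characters and case-folding smuggle markup past
// a blocklist. Hypothetical functions; names are assumptions.

// A naive blocklist filter that runs on the raw input: reject anything that
// contains "<" or the word "script". (Constructed; not a recommended defense.)
function naiveFilter(input) {
  return !(input.includes("<") || input.toLowerCase().includes("script"));
}

// What the application does afterwards, e.g. for a search index or a
// case-insensitive username comparison: NFKC normalization plus upper-casing.
function downstreamTransform(input) {
  return input.normalize("NFKC").toUpperCase();
}

// True when the input passes the naive filter but, after the downstream
// transform, contains exactly what the filter tried to block.
function filterBypassed(input) {
  if (!naiveFilter(input)) return false; // filter caught it, no bypass
  const after = downstreamTransform(input);
  return after.includes("<") || after.includes("SCRIPT");
}

// Hardened ordering: canonicalize first, then apply the same blocklist to the
// canonical form the rest of the application will actually see.
function hardenedFilter(input) {
  const canon = downstreamTransform(input);
  return !(canon.includes("<") || canon.includes("SCRIPT"));
}

// Constructed payloads:
//  - fullwidthTag: U+FF1C and U+FF1E are FULLWIDTH LESS-THAN/GREATER-THAN SIGN;
//    NFKC maps them to ASCII "<" and ">", so the raw string has no "<" at all.
//  - longS: U+017F LATIN SMALL LETTER LONG S lower-cases to itself, so the raw
//    string never matches "script", but it upper-cases to "S" -> "SCRIPT".
//  - plain: an ordinary payload the naive filter does catch.
//  - benign: harmless text that neither filter should reject.
const payloads = {
  fullwidthTag: "\uFF1Cimg src=x onerror=alert(1)\uFF1E",
  longS: "\u017Fcript",
  plain: "<script>",
  benign: "hello world",
};

// Summarize which payloads bypass the naive filter and whether the hardened
// filter (normalize first) rejects them.
function evaluatePayloads() {
  const results = {};
  for (const [name, p] of Object.entries(payloads)) {
    results[name] = {
      naivePasses: naiveFilter(p),
      bypassed: filterBypassed(p),
      hardenedPasses: hardenedFilter(p),
      canonical: downstreamTransform(p),
    };
  }
  return results;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(evaluatePayloads());
}
```

The general lesson is ordering: validate the canonical form your application will actually consume (after normalization, case-folding, decoding), not the raw bytes, and be aware that NFKC in particular folds a large set of compatibility characters into ASCII.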
