[Owasp-portland] What are you more interested in learning about?
clouserw at gmail.com
Wed May 5 12:05:42 EDT 2010
I like your ideas. Some more off the top of my head:
- HTML 5 vulnerabilities and/or surface area. Video/Audio/Canvas
aside, seems like there is room for some discussion about data
attributes, local storage, offline apps, geolocation, etc.
- Pros and Cons of CSP (https://wiki.mozilla.org/Security/CSP)
- Threats and exploits using Unicode. The O'Reilly book on Unicode is
700 pages long and I think I've met 2 people in my life that fully
understand Unicode and encoding. This area seems ripe for abuse.
- Logging best practices, both in the app and on the backend
(aggregation, storage, analysis)
- Vulnerabilities we can expect due to the rise of mobile devices.
I'm not sure there is a presentation here, but something to think
about: alternate views of data for the small screens, alternate
routes onto a network, complete trust in app stores, etc.
On Wed, May 5, 2010 at 8:32 AM, Timothy D. Morgan <tmorgan-owasp at vsecurity.com> wrote:
> I'd like to give more OWASP talks, but I'm not sure what folks are
> most interested in. Here are a few ideas I had:
> Breaking Cryptography in Practice
> This would cover how cryptography is commonly used in custom
> applications, what mistakes are often made and how to exploit these
> Why You Should Place All of Your Websites Under HTTPS
> Here I would cover two serious recent threats to web security:
> HTML/HTTP/SSL downgrade attacks (a.k.a. sslstrip attacks) and DNS
> Short Series on Browser Security
> I thought it might be fun to give a series of short talks (read: with
> few slides/materials) on browser security which would cover some or
> all of the following topics:
> - Same-origin policy (SOP) basics
> - Cross-site scripting (a.k.a. A decade of SOP bypass)
> - Cross-site request forgery (a.k.a. how SOP is broken to begin with)
> - DNS rebinding (a.k.a. Not your Momma's SOP bypass)
> - Click-jacking (a.k.a. the GUI is not your friend)
> - Overview of attacks on browsers
> - Writing secure Java Web Start applications
> Let me know what you're most interested in and I'll try to get a few
> presentations put together.