[Owasp-portland] What are you more interested in learning about?

Timothy D. Morgan tmorgan-owasp at vsecurity.com
Thu May 6 23:53:02 EDT 2010


Hey Wil,

> I like your ideas.  Some more off the top of my head:

Good.  Do any of the items on my list stand out as ones you'd like to
hear about first?

> - HTML 5 vulnerabilities and/or surface area.  Video/Audio/Canvas
> aside, seems like there is room for some discussion about data
> attributes, local storage, offline apps, geolocation, etc.

I'm definitely interested in hearing more about HTML 5 security.

> - Pros and Cons of CSP (https://wiki.mozilla.org/Security/CSP)

This would also be awesome to hear more about.  I've personally become
more interested in how HTTP/HTML/browser/etc standards can address
broad categories of issues.

> - Threats and exploits using Unicode.  The O'Reilly book on Unicode is
> 700 pages long and I think I've met 2 people in my life that fully
> understand Unicode and encoding.  This area seems ripe for abuse.

Hah, you've met 2?  I haven't met any, though I've had to wrestle
with it a bit now and again, and enjoy UTF-7 XSS. =)

> - Logging best practices, both in the app and on the backend
> (aggregation, storage, analysis)
> 
> - Vulnerabilities we can expect due to the rise of mobile devices.
> I'm not sure there is a presentation here, but something to think
> about:  alternate views of data for the small screens, alternate
> routes onto a network, complete trust in app stores, etc.

All of these are great ideas.  Would you like to present on some of
them?

A note to everyone: we don't necessarily need a polished formal
presentation from you to come and start a discussion on a topic.  A
handful of slides (or a sketch on a white board) along with a topic
you're passionate about is more than enough to get us thinking.
Think of it as playing Discussion Leader.

We clearly haven't had a strong start to getting regular meetings
going, and it's primarily because we've had a heck of a time getting
folks to commit to speaking.  I plan on jumping in more when I can,
but I think everyone will start to get kind of sick of listening to me
after a while.


tim

