[WEB SECURITY] Wanted: HTML5 et.al. Security Solutions
petelind at spiresecurity.com
Mon Apr 23 12:56:56 EDT 2012
I should also point out that I am familiar with the OWASP cheat sheets and
the security recommendations made in the specs themselves, more looking for
specific implementations and novel approaches. Sorry for the extra msg. --
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Pete Lindstrom
Sent: Monday, April 23, 2012 11:56 AM
To: websecurity at lists.webappsec.org
Subject: [WEB SECURITY] Wanted: HTML5 et.al. Security Solutions
I am researching approaches to protecting against Web risks, specifically in
the HTML5 area, where I include language elements/attributes, CORS, XHR2,
Websockets, Web Workers, Web Messaging (e.g. jpostMessage), and Storage.
Looking for 1) native browser techniques/plugins; 2) vendor offerings; and
3) PoC tools that mitigate published issues.
In particular, I am interested in vendors with HTML5-specific capabilities.
Just to be clear - I have done a lot of research on the technologies and
ways they might be manipulated or attacked and am now looking for ways to
address/mitigate the problems.
The research report will be available this quarter, so if you want a copy,
please send me a note offline. (I am looking for a few early reviewers as
well). Goal is to translate technical implications of HTML5 into business
risks - geared to enterprise CISO audience.
Principal, VP of Research
Spire Security, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity