[WEB SECURITY] Wanted: HTML5 et.al. Security Solutions
Pete Lindstrom
petelind at spiresecurity.com
Mon Apr 23 12:56:56 EDT 2012
I should also point out that I am familiar with the OWASP cheat sheets and
the security recommendations made in the specs themselves, more looking for
specific implementations and novel approaches. Sorry for the extra msg. --
Pete
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Pete Lindstrom
Sent: Monday, April 23, 2012 11:56 AM
To: websecurity at lists.webappsec.org
Subject: [WEB SECURITY] Wanted: HTML5 et.al. Security Solutions
Hi -
I am researching approaches to protecting against Web risks, specifically in
the HTML5 area, where I include language elements/attributes, CORS, XHR2,
Websockets, Web Workers, Web Messaging (e.g. jpostMessage), and Storage.
Looking for 1) native browser techniques/plugins; 2) vendor offerings; and
3) PoC tools that mitigate published issues.
In particular, I am interested in vendors with HTML5-specific capabilities.
Just to be clear - I have done a lot of research on the technologies and
ways they might be manipulated or attacked and am now looking for ways to
address/mitigate the problems.
The research report will be available this quarter, so if you want a copy,
please send me a note offline. (I am looking for a few early reviewers as
well). Goal is to translate technical implications of HTML5 into business
risks - geared to enterprise CISO audience.
thanks,
Pete
Pete Lindstrom
Principal, VP of Research
Spire Security, LLC
@SpireSec
www.spiresecurity.com
610-644-9064
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20120423/a2ae2694/attachment-0001.html>
More information about the websecurity
mailing list