websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

Wanted: HTML5 et.al. Security Solutions

PL
Pete Lindstrom
Mon, Apr 23, 2012 3:56 PM

Hi -

I am researching approaches to protecting against Web risks, specifically in
the HTML5 area, where I include language elements/attributes, CORS, XHR2,
Websockets, Web Workers, Web Messaging (e.g. postMessage), and Storage.

Looking for 1) native browser techniques/plugins; 2) vendor offerings; and
3) PoC tools that mitigate published issues.

In particular, I am interested in vendors with HTML5-specific capabilities.

Just to be clear - I have done a lot of research on the technologies and
ways they might be manipulated or attacked and am now looking for ways to
address/mitigate the problems.

The research report will be available this quarter, so if you want a copy,
please send me a note offline. (I am looking for a few early reviewers as
well). Goal is to translate technical implications of HTML5 into business
risks - geared to enterprise CISO audience.

thanks,

Pete

Pete Lindstrom

Principal, VP of Research

Spire Security, LLC

@SpireSec

www.spiresecurity.com

610-644-9064

PL
Pete Lindstrom
Mon, Apr 23, 2012 4:56 PM

I should also point out that I am familiar with the OWASP cheat sheets and
the security recommendations made in the specs themselves, more looking for
specific implementations and novel approaches. Sorry for the extra msg.  --
Pete

From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Pete Lindstrom
Sent: Monday, April 23, 2012 11:56 AM
To: websecurity@lists.webappsec.org
Subject: [WEB SECURITY] Wanted: HTML5 et.al. Security Solutions

JM
Jim Manico
Mon, Apr 23, 2012 5:47 PM

Here is a fairly recent OWASP guide on HTML 5 security. Feedback
always appreciated.

https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

- Jim Manico


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
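As an added illustration of the "native browser techniques" Pete asks about for the Web Messaging item on his list, and of the receiver-side origin check the OWASP HTML5 cheat sheet Jim links recommends, here is an origin-validated postMessage handler and a sender that refuses the wildcard targetOrigin. This is example code written for this page, not code from the thread, the cheat sheet, or Spire Security; the origin allow-list, the command names and the FakeWindow stand-in are assumptions so it runs under Node without a browser.

```javascript
// Added example (not from the thread). Origin-checked Web Messaging receiver
// plus a sender that never posts with targetOrigin '*'.
// Assumed names for illustration: ALLOWED_ORIGINS, makeMessageHandler,
// sendCommand, FakeWindow. The event shape mirrors a browser MessageEvent
// (origin, data); FakeWindow only records postMessage calls so the example
// runs outside a browser.

const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://widget.example.com',
]);

// Hardened receiver: exact-match origin allow-list, payload schema check,
// dispatch only to own properties of a command table, and no eval/innerHTML.
function makeMessageHandler(allowedOrigins, dispatch) {
  return function onMessage(event) {
    // 1. Origin check must be an exact string comparison, never a substring or
    //    loose regex: 'https://app.example.com.evil.net' has to be rejected.
    if (!allowedOrigins.has(event.origin)) {
      return { accepted: false, reason: 'origin not allowed' };
    }
    // 2. Structured-clone payloads can be any type; insist on an object with a
    //    string command name before touching it.
    const data = event.data;
    if (typeof data !== 'object' || data === null || typeof data.cmd !== 'string') {
      return { accepted: false, reason: 'malformed payload' };
    }
    // 3. Only own properties of the command table are callable, so names such
    //    as '__proto__' or 'constructor' cannot reach Object.prototype.
    if (!Object.prototype.hasOwnProperty.call(dispatch, data.cmd)) {
      return { accepted: false, reason: 'unknown command' };
    }
    return { accepted: true, result: dispatch[data.cmd](data.args) };
  };
}

// Sender side: an explicit targetOrigin makes the browser drop the message if
// the target frame has since navigated to another origin.
function sendCommand(targetWindow, targetOrigin, cmd, args) {
  if (targetOrigin === '*') {
    throw new Error('refusing to post with wildcard targetOrigin');
  }
  targetWindow.postMessage({ cmd, args }, targetOrigin);
}

// Minimal stand-in for a browser window (assumed helper, not a real API).
class FakeWindow {
  constructor() { this.sent = []; }
  postMessage(data, targetOrigin) { this.sent.push({ data, targetOrigin }); }
}

// Command table: the only thing a peer frame may trigger. Text is destined for
// textContent, not innerHTML, so markup in the payload is inert.
const dispatch = {
  setStatus: (args) => ({ textContent: String(args && args.text) }),
};

const handler = makeMessageHandler(ALLOWED_ORIGINS, dispatch);

// Constructed sample events standing in for what a browser would deliver.
function demo() {
  const good = handler({
    origin: 'https://app.example.com',
    data: { cmd: 'setStatus', args: { text: '<b>hi</b>' } },
  });
  const lookalike = handler({
    origin: 'https://app.example.com.evil.net',
    data: { cmd: 'setStatus', args: { text: 'x' } },
  });
  const badShape = handler({ origin: 'https://app.example.com', data: 'setStatus' });
  const unknown = handler({ origin: 'https://app.example.com', data: { cmd: '__proto__' } });
  const w = new FakeWindow();
  sendCommand(w, 'https://widget.example.com', 'setStatus', { text: 'ok' });
  return { good, lookalike, badShape, unknown, sent: w.sent };
}
```

The two checks that matter most in practice are the exact-match origin comparison (a `startsWith` or regex test is the classic bypass) and the explicit targetOrigin on the sending side; the own-property dispatch is what keeps a hostile frame from steering the handler into prototype methods.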
