New approach to solving client-side security
  • Upcoming
  • Tentative
  • Breakout Sessions

Meeting

Event details

Date:
Japan Standard Time
Status:
Tentative
Location:
R05
Participants:
Florian Scholz, Simon Wijckmans
Big meeting:
TPAC 2025 (Calendar)

Agenda

Chairs:
Simon Wijckmans

Description:
https://github.com/w3c/webappsec-csp/issues/736
The energy in the room when we discussed after my presentation was 'CSP was never built for this'. So perhaps now is a great time to think ahead of what CSP will not do and figure out what a good mechanism could look like to stop such attacks (I have suggestions).

Goal(s):
Ignoring CSP, what would the ideal client-side security solution look like today?

Agenda:

  1. Going over client-side attacks: those that happen routinely, the rarer ones, the highly targeted ones and the opportunistic spread and pray ones.
  2. Limitations of CSP and SRI.
  3. What could the alternatives look like? Open discussion.
  4. How does JS fit into JS security?

Materials:
