Re: Security Sandboxing Browser Features and Domains from Ganesh B on 2022-07-11 (public-privacycg@w3.org from July 2022)

From: Ganesh B <ganeshsurfs@gmail.com>
Date: Mon, 11 Jul 2022 12:02:36 +0530
To: John Wilander <wilander@apple.com>
Cc: Ganesh B <ganeshsurfs@gmail.com>, "public-privacycg@w3.org" <public-privacycg@w3.org>
Message-ID: <CAEUOASY45=x25_5Pc0vCz7GXfw_mEO99_UJuXKNEjOjWQWJjeQ@mail.gmail.com>

Hello Mr John,

Nice and thank you for a quick response.

I was unaware of the group. I thought this would be a browser standards
implementation so joined this group.

Domain hard sandboxing is one of the many target points I may also wish to
explore considering so many cross domain cookie thefts and forgeries; apart
from the fact that MIM attacks are yet one breach points that may need to
be addressed seperately.

I will connect in case of any follow-ups. Let me connect to the WebAppSec
team for a quick follow up. Thank you.

Have a great day ahead.

Regards,
Ganesh B

On Monday, July 11, 2022, John Wilander <wilander@apple.com> wrote:

> Hi Ganesh!
>
> Web application security belongs with the WebAppSec Working Group in W3C,
> not the Privacy Community Group. Cookie blocking may be a fit for this
> group but it seems you are thinking of it from a security standpoint which
> again implies WebAppSec WG. Thanks!
>
>    Regards, John
>
> On Jul 10, 2022, at 19:21, Ganesh B <ganeshsurfs@gmail.com> wrote:
>
> Hello,
>
> Greetings.
>
> I think many of you have had been busy. A quick check and follow up on the
> browser security options.
>
> Anyone for sandboxing and sanity checks using a strict mode option?
>
> I am sure, this issue can be a great change maker. I see most bounties for
> hacks have been revolving around SSR, XSS, CSRF, and a couple in the OWASP
> top 10.
>
> I am definitely open to widen my view horizon in case anyone finds this as
> a low lying fruit of improvement.
>
> Have a nice day ahead.
>
> Regards,
> Ganesh B
>
>
> ---------- Forwarded message ----------
> From: *Ganesh B* <ganeshsurfs@gmail.com>
> Date: Thursday, June 23, 2022
> Subject: Security Sandboxing Browser Features and Domains
> To: public-privacycg@w3.org
>
>
> Hello Team,
>
> Greetings.
>
> I just created and joined the w3c community here and it seems I may be
> knowing some of you somehow, directly/indirectly.
>
> I wanted to propose sharing of work on features and IP Process of Security
> Sandboxing (Feature/Domains) for the browsers. This focus is to create
> sandboxing of browsers to target XSS, CSRF, Cross Domain
> Shared/non-shared Cookie Access Blocking from third party domains.
> Possibly, ScriptInjection (urls, plus ...) as well.
>
> I have put a few thoughts here in the twitter post. I am sure most of you
> are working on something similar.
>
> Have a nice day ahead.
>
> Regards,
> Ganesh B
>
>
>

Received on Monday, 11 July 2022 06:32:50 UTC