The top hit is "The WWW Security FAQ" by Lincoln Stein
and John N. Stewart, last revised February 4, **2002**.
http://www.w3.org/Security/Faq/

At least it beats out w3schools ;-)

I'm reminded of this odd state of affairs by the announcement
of a new W3C security-related mailing list (see attached). For
some time it's been on my wishlist to take advantage of the
high ranking of the Security FAQ and put something more actively
maintained there. Perhaps OWEA would like to make my wish come true? ;-)

The next hit is "Web Security - Google Code University - Google Code"
http://code.google.com/edu/security/index.html

Google publishes some great security materials; the one I
bookmarked* and read in detail is:

Announcing "Browser Security Handbook"
http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html

I'm not sure whether that's the same as the Google University
thing or not.

Wikipedia also has lots of great stuff too; I'm often happy
with security-related stuff that I find there; e.g.
http://en.wikipedia.org/wiki/Same_origin_policy

* under http://delicious.com/connolly/security , though delicious
seems to be horked lately. I also maintain
http://delicious.com/connolly/learning and
http://delicious.com/connolly/training . I should probably merge
those... I think I used "training" first, but since seeing
John Seely Brown speak in 2007, I lean more toward "learning".

p.s. Lincoln, John, for context, see
http://lists.w3.org/Archives/Public/public-xg-owea/

--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E

Forwarded message 1

further to my ACTION-323
http://www.w3.org/2001/tag/group/track/actions/323

copying the IETF/W3C liaison list while I'm at it...

> > From: Thomas Roessler <tlr@w3.org>
> > Date: 1 December 2009 15:48:27 GMT+01:00
> > To: public-web-security@w3.org
> > Cc: Thomas Roessler <tlr@w3.org>
> > Subject: Welcome to the W3C web security mailing list
> >
> > With some delay after the security BOF at TPAC, welcome to the W3C
> > web security mailing list. If you want to get off this mailing list,
> > please either contact me directly, or send a note with the subject
> > "unsubscribe" to public-web-security-request@w3.org.
> >
> > The list has a publicly visible archive:
> > http://lists.w3.org/Archives/Public/public-web-security/
> > A companion wiki is also available (writable for anybody with a W3C
> > web account); I've put in a little bit of content to jump-start
> > things (no full minutes from the BOF at TPAC, though):
> > http://www.w3.org/Security/wiki/
> >
> > The scope of the list is broad: "Improving standards and
> > implementations to advance the security of the Web." What's meant
> > by this is that this mailing list is the right place to discuss
> > topics like:
> >
> > - new specs that people want to bring to W3C, IETF or other relevant
> > standards bodies
> > - emerging security issues
> > - bigger themes, like how and where to document the same origin
> > policy
> >
> > With that, it's over to you!
> > --
> > Thomas Roessler, W3C <tlr@w3.org>
--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E