Update: Dmitry from SecuriTeam has posted his dusty TODO list as well.
Over the past few months I’ve released MOST of my dust-collecting browser hacks I thought people would find interesting. It’s fun speaking with people about them, seeing them try out the code, and in many cases take it to the next level. And when conversing with others and thinking deeply about the industry, it’s common to brainstorm new “project” ideas that would be cool to work on. I’ve collected a ton of great stuff. The problem is there’s simply not enough time to work on them all. The result, again, is a dust-collecting list of the undone. It’s time to empty a few of those out too.
Standardized Severity Rating System for Web Application Vulnerabilities
Only a tiny fraction of people in the web application security industry use the available severity rating systems like DREAD, TRIKE, and CVSS. The reasons why are not known exactly, but the feeling I get is that the systems really don’t apply to this field. Something specific needs to be developed.
Web Application Security Professional Certification
There is a huge shortage of experienced and knowledgeable web application security professionals. As a result there’s a big need for training of developers, infosec staff, and managers to fill the gap. And when organizations hire for webappsec roles, it’s difficult for them to find those who really know what they’re doing and weed out the rest. There’s a building need for a CISSP- or SANS-style certification for web application security roles.
Client-side solutions against XSS and CSRF
We all know it: there’s not a whole lot we can do to protect ourselves from XSS and CSRF attacks. And we’re the people in the know, so think about what everyone else is going to have to put up with. It doesn’t appear to me that the browser vendors are doing much of anything to remedy the situation either. So if you have any bright ideas on the subject, now is the time to voice them. Perhaps they could be prototyped as plug-ins before they go into the major releases.
Open source web application scanner
In the network security field there are tons of respectable free and open source vulnerability scanners like Nessus, SAINT, etc. They serve a variety of purposes, not the least of which is to push the commercial guys to make their products better and worth the money people spend. There needs to be the same choice in the web application security world. I’m talking way beyond Nikto and the other CGI scanners. There needs to be an open source product that can log in, crawl, inject, force browse, etc. This is not easy to build, but it’s an idea whose time has definitely come.
I'll publish a few more later. If you have other ideas you want to share, you're welcome to.