Many people probably do something similar, but for years I’ve kept a running list of unsolved technology problems that I’ve come across. Typically these are specific things I’d like to build, design, or break. As it applies to Web security, some are potential hacks, defense measures, or conceptual designs, mostly regarding Web browsers and Websites. This serves as a nice in-flight activity as opposed to crossword puzzles, some items being more compelling to work on than others. When I post some little trick here it usually comes off this list, yet the list always seems to grow rather than shrink. ;)
Anyway, I thought it might be interesting for others to see several of the things currently on my list. See below.
What unsolved Web security problems are you working on?
- Create a better CAPTCHA that scores better on the Effectiveness Test than the current image version everyone hates
- Develop a CSRF defensive measure that’s effective in the presence of an XSS vulnerability on the same target domain
- Design a conceptual replacement for the Web browser same-origin policy that addresses its deficiencies
- Find a way to SCRIPT SRC, or otherwise include within the DOM, a JSON feed wrapped in curly braces