Agenda

• we really need to find a time that works for all...

Status Updates

• freddyb
  • makes escape-artist work with handling binary data & innerHTML properly (requires php now)
• psiinon
  • has been preparing for a talk at appsec USA.
  • has got basic DOM XSS fuzzing happening in ZAP. It's kinda crusty (in mgoodwin's opinion) but that's mostly mgoodwin's fault.
• mgoodwin
  • Did a crappy XSS bug oracle in the PnH probe.
  • Helped diagnose some bugs in psiinon's code.
  • Did a little work on ringleader impls. of what psiinon has got working with the content probe
  • Has mostly been working on secreviews this week
• ulfr
  • No recent work on MIG. Worked on Risk Assessment for Mozilla. Goal is to have standard risk levels that we can use in other tools as well.
• stefan
• dchan
  • N/A I actually made it to the meeting