[OWASP-GUIDE] Guide Chapter 10 Thoughts

Alex Russell alex at netWindows.org
Tue Jan 28 20:13:06 EST 2003


On Tuesday 28 January 2003 16:54, Jeremy Poteet wrote:
> Thanks, Gene.  We'd be glad to involve you on what we're doing.  We're
> going to send out a proposed outline next week and then we can talk to
> see what existing material can be used as is, what needs re-written and
> what needs added.

Well, today's discussion indicates that there's going to be an almost 
complete rewrite necessaray. The things I suggest keeping:

	* canonicalization discussion (null bytes, Unicode, etc...)
	* overview of what SQL injection attacks look like
	* a discussion of double encoding/decoding
	* a discussion of why passing user provided HTML back to another user is 
bad (XSS)

Even these sections will require a large rewrite.

-- 
Alex Russell
alex at netWindows.org
alex at SecurePipe.com




More information about the Owasp-guide mailing list