[Owasp-guide] Volunteering for Output Encoding Chapter

Kevin W. Wall kevin.w.wall at gmail.com
Tue May 15 04:11:01 UTC 2012


At a min, we at least need to show how all these pieces fit together to
prevent XSS. And if "output encoding" serves no other purpose except to
defeat XSS, then I agree with Jim...rename the chapter. Of course input
validation & canonicalization DO serve to prevent other vulnerabilities, so
they can stand on their own.

-kevin
Sent from my Droid; please excuse typos.
On May 14, 2012 11:13 PM, "Jim Manico" <jim.manico at owasp.org> wrote:

>  Abe,
>
> Can we rename the output encoding section and call it "XSS Prevention"
> instead?
>
> Complete XSS prevention requires validation, HTML policy validation,
> proper JSON parsing and a host of other techniques other than just output
> encoding.
>
> Fair? Interested?
>
> Aloha,
> Jim
>
>
>  I want to volunteer to take the Output Encoding Chapter.  I added the
> chapter a while ago but it has been sitting idle.
>
> The content is pretty much done but may need minor reorganization.
>
> Regards,
> Abe
>
>
>
>
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
>
>
>
> --
> Jim Manico
>
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
>
> jim at owasp.org
> www.owasp.org
>