[Owasp-guide] Volunteering for Output Encoding Chapter
Jim Manico
jim.manico at owasp.org
Thu May 17 06:40:44 UTC 2012
Totally fair. It's just that we need a lot more than just OE to stop XSS...
--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805
On May 16, 2012, at 9:02 PM, Abraham Kang <abraham.kang at owasp.org> wrote:
I think output encoding can apply to any executable context including
command line output, xml, shell script, sql. If the chapter is too focused
on xss, I can modify it.
--Abe
On May 14, 2012 8:10 PM, "Jim Manico" <jim.manico at owasp.org> wrote:
> Abe,
>
> Can we rename the output encoding section and call it "XSS Prevention"
> instead?
>
> Complete XSS prevention requires validation, HTML policy validation,
> proper JSON parsing and a host of other techniques other than just output
> encoding.
>
> Fair? Interested?
>
> Aloha,
> Jim
>
>
> I want to volunteer to take the Output Encoding Chapter. I added the
> chapter a while ago but it has been sitting idle.
>
> The content is pretty much done but may need minor reorganization.
>
> Regards,
> Abe
>
> --
> Jim Manico
>
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
>
> jim at owasp.org
> www.owasp.org
>