[Owasp-guide] Volunteering for Output Encoding Chapter

Tim Kulp timkulp at live.com
Thu May 17 13:28:21 UTC 2012


As a thought, should the Output Encryption section be rolled into the Input Validation section? The reason I ask is that Input Validation uses Constrain, Reject and Sanitize as steps in a process. Output Encoding is part of the sanitization and constraining processes. Just a thought.

From: Jim Manico 
Sent: Thursday, May 17, 2012 2:40 AM
To: Abraham Kang 
Cc: owasp-guide at lists.owasp.org 
Subject: Re: [Owasp-guide] Volunteering for Output Encoding Chapter

Totally fair. It's just that we need a lot more than just OE to stop XSS...

--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On May 16, 2012, at 9:02 PM, Abraham Kang <abraham.kang at owasp.org> wrote:


  I think output encoding can apply to any executable context including command line output, XML, shell script, SQL.  If the chapter is too focused on XSS, I can modify it.

  --Abe 

  On May 14, 2012 8:10 PM, "Jim Manico" <jim.manico at owasp.org> wrote:

    Abe,

    Can we rename the output encoding section and call it "XSS Prevention" instead?

    Complete XSS prevention requires validation, HTML policy validation, proper JSON parsing and a host of other techniques other than just output encoding. 

    Fair? Interested?

    Aloha,
    Jim



I want to volunteer to take the Output Encoding Chapter.  I added the
chapter a while ago but it has been sitting idle.

The content is pretty much done but may need minor reorganization.

Regards,
Abe


       

_______________________________________________
Owasp-guide mailing list
Owasp-guide at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-guide



    -- 
    Jim Manico

    Connections Committee Chair
    Cheatsheet Series Product Manager
    OWASP Podcast Producer/Host

    jim at owasp.org
    www.owasp.org

