[Owasp-guide] Volunteering for Output Encoding Chapter

Jim Manico jim.manico at owasp.org
Thu May 17 15:00:57 UTC 2012

I'd personally like to see both an Output Encoding section AND an XSS
defense section.

XSS defense involves:

Output Encoding, Input validation, safe JSON parsing, sandboxing, DOM XSS
API avoidance, HTML policy-based validation, etc. XSS defense is way WAY
more than just OE.


Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On May 16, 2012, at 9:02 PM, Abraham Kang <abraham.kang at owasp.org> wrote:

I think output encoding can apply to any executable context including
command line output, XML, shell script, SQL. If the chapter is too focused
on XSS, I can modify it.

On May 14, 2012 8:10 PM, "Jim Manico" <jim.manico at owasp.org> wrote:

>  Abe,
> Can we rename the output encoding section and call it "XSS Prevention"
> instead?
> Complete XSS prevention requires validation, HTML policy validation,
> proper JSON parsing and a host of other techniques other than just output
> encoding.
> Fair? Interested?
> Aloha,
> Jim
>  I want to volunteer to take the Output Encoding Chapter.  I added the
> chapter a while ago but it has been sitting idle.
> The content is pretty much done but may need minor reorganization.
> Regards,
> Abe
> --
> Jim Manico
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
> jim at owasp.org
> www.owasp.org