[Owasp-guide] Volunteering for Output Encoding Chapter

Jim Manico jim.manico at owasp.org
Thu May 17 15:00:57 UTC 2012


I'd personally like to see both an Output Encoding section AND an XSS
defense section.

XSS defense involves:

Output Encoding, Input validation, safe JSON parsing, sandboxing, DOM XSS
API avoidance, HTML policy based validation, etc. XSS defense is way WAY
more than just OE.

Aloha,

--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On May 16, 2012, at 9:02 PM, Abraham Kang <abraham.kang at owasp.org> wrote:

I think output encoding can apply to any executable context including
command line output, XML, shell script, SQL.  If the chapter is to focused
on XSS, I can modify it.

--Abe
On May 14, 2012 8:10 PM, "Jim Manico" <jim.manico at owasp.org> wrote:

>  Abe,
>
> Can we rename the output encoding section and call it "XSS Prevention"
> instead?
>
> Complete XSS prevention requires validation, HTML policy validation,
> proper JSON parsing and a host of other techniques other than just output
> encoding.
>
> Fair? Interested?
>
> Aloha,
> Jim
>
>
>  I want to volunteer to take the Output Encoding Chapter.  I added the
> chapter a while ago but it has been sitting idle.
>
> The content is pretty much done but may need minor reorganization.
>
> Regards,
> Abe
>
> --
> Jim Manico
>
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
>
> jim at owasp.org
> www.owasp.org
>