[Owasp-guide] Volunteering for Output Encoding Chapter

vanderaj vanderaj vanderaj at owasp.org
Thu May 17 22:20:01 UTC 2012


My thoughts on organization of each control are:

Design

The rationale for any compliant design. We give a strawman compliant
pattern.


Implementation

A concrete example of a compliant implementation, preferably using native
features or ESAPI.


Test

How to test (both negative and positive tests) for this issue:

Links to OWASP Test Guide for this issue.

* Unit test bullet points (i.e. content is in OWASP Testing Guide)
* Web test bullet points

thoughts?

On combining input validation and output encoding, I am okay with this
idea, but considering that output encoding deals with SQL, LDAP,
and other mechanisms that are not (necessarily) strongly coupled to input,
I think let's develop them in concert but as two, and once we have the two
chapters developed, let's have a talk about linkage and integration.

thoughts?

thanks,
Andrew
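The point raised above, that output encoding is tied to the output sink (HTML, JavaScript, URL, LDAP, SQL) rather than to the input, is illustrated by the following added example. It is not code from this thread, from the OWASP Guide, or from ESAPI; it uses only the Python standard library, and the function names, the sample inputs and the in-memory `users` table are constructed here for illustration. SQL is handled by parameter binding rather than by an encoder, which is the "native feature" a chapter would point to for that sink.

```python
"""Context-specific output encoding (added example, not OWASP Guide/ESAPI code).

The same string is encoded differently for each output context. None of the
encoders below depends on what input validation did upstream; each one makes
the data safe for exactly one sink.
"""
import html
import json
import sqlite3
import urllib.parse


def encode_for_html(value: str) -> str:
    """HTML body text: & < > " ' become entities so the value is text, not markup."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """JavaScript string literal inside a <script> block.

    json.dumps gives a quoted, backslash-escaped literal; on top of that we
    escape < > & (so "</script>" cannot close the block) and the two Unicode
    line terminators that JSON permits but older JS engines reject.
    """
    encoded = json.dumps(value, ensure_ascii=False)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                    ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        encoded = encoded.replace(ch, esc)
    return encoded


def encode_for_url_param(value: str) -> str:
    """URL query parameter value: percent-encode everything but unreserved chars."""
    return urllib.parse.quote(value, safe="")


# RFC 4515 search-filter escaping. A single per-character table avoids the
# classic ordering bug where "\" is escaped after the other escapes are inserted.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def encode_for_ldap_filter(value: str) -> str:
    """LDAP filter assertion value: neutralise *, (, ), \\ and NUL."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


# --- each sink wired up with its own encoder ---------------------------------

def render_greeting_html(display_name: str) -> str:
    return f"<p>Hello, {encode_for_html(display_name)}</p>"


def render_inline_script(display_name: str) -> str:
    return f"<script>var user = {encode_for_js_string(display_name)};</script>"


def render_search_link(query: str) -> str:
    return f"/search?q={encode_for_url_param(query)}"


def render_uid_filter(uid: str) -> str:
    return f"(uid={encode_for_ldap_filter(uid)})"


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_user_sql(conn: sqlite3.Connection, username: str) -> list:
    """For SQL the 'encoding' is parameter binding done by the driver, not string
    escaping: the value can never be parsed as part of the statement."""
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (username,))
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    # Constructed hostile inputs, one per sink.
    name = "O'Brien </script><script>alert(1)</script>"
    print(render_greeting_html(name))
    print(render_inline_script(name))
    print(render_search_link("a b&c=d"))
    print(render_uid_filter("*)(uid=*"))          # would otherwise match every uid
    print(lookup_user_sql(make_demo_db(), "' OR 1=1 --"))  # [] : no injection
```

Each `render_*` function takes the raw value and applies exactly one encoder at the point of output; that is what lets the Output Encoding chapter be written independently of the Input Validation chapter and then linked later, as the message proposes.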