[Owasp-leaders] Abridged XSS Cheat Sheet

psiinon psiinon at gmail.com
Wed Nov 16 04:16:03 EST 2011


Jim,

Looks great, and I think its exactly what OWASP should be producing.
It shouldnt claim to be 'all you need to know' about XSS, but it doesnt so
thats not a problem.
Its short, sweet, to the point, very useful and has links to more info.
So I strongly support this.

You could maybe stress that is just a summary / lookup table and that
people should look at the full XSS page for more info, but thats a very
minor point.

Cheers,

Simon

On Wed, Nov 16, 2011 at 3:09 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Folks,
>
> I've been working on a different "view" of XSS Defense mechanism which
> I've posted here
> https://www.owasp.org/index.php/Abridged_XSS_Prevention_Cheat_Sheet
>
> My goal is to build a "traditional" short-form developer cheat sheet in
> the style of http://devcheatsheet.com
>
> This is an alternate view of
>
> https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
>
> I though this was a cool idea, but it's ruffling feathers and I've been
> asked specifically NOT to do this.
>
> Help please. :)
>
> Do you find this to be valuable?
> Do you think this undermines the work of the current XSS Prevention
> Cheat Sheet?
> Do you think one method is more/digestible than the other?
> Do you think both of these are of value?
>
> Any feedback is appreciated.
>
> --
> Jim Manico
>
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
>
> jim at owasp.org
> www.owasp.org
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20111116/ab563748/attachment.html 


More information about the OWASP-Leaders mailing list