[Owasp-leaders] Abridged XSS Cheat Sheet

Jason Alexander jason.alexander at owasp.org
Wed Nov 16 06:07:47 EST 2011


On 16/11/11 09:16, psiinon wrote:
> Jim,
>
> Looks great, and I think it's exactly what OWASP should be producing.
> It shouldn't claim to be 'all you need to know' about XSS, but it 
> doesn't so that's not a problem.
> It's short, sweet, to the point, very useful and has links to more info.
> So I strongly support this.
>
> You could maybe stress that it is just a summary / lookup table and that 
> people should look at the full XSS page for more info, but that's a 
> very minor point.
>
> Cheers,
>
> Simon
>
> On Wed, Nov 16, 2011 at 3:09 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>     Folks,
>
>     I've been working on a different "view" of XSS Defense mechanism which
>     I've posted here
>     https://www.owasp.org/index.php/Abridged_XSS_Prevention_Cheat_Sheet
>
>     My goal is to build a "traditional" short-form developer cheat sheet in
>     the style of http://devcheatsheet.com
>
>     This is an alternate view of
>     https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
>
>     I thought this was a cool idea, but it's ruffling feathers and I've been
>     asked specifically NOT to do this.
>
>     Help please. :)
>
>     Do you find this to be valuable?
>     Do you think this undermines the work of the current XSS Prevention
>     Cheat Sheet?
>     Do you think one method is more/digestible than the other?
>     Do you think both of these are of value?
>
>     Any feedback is appreciated.
>
>     --
>     Jim Manico
>
>     Connections Committee Chair
>     Cheatsheet Series Product Manager
>     OWASP Podcast Producer/Host
>
>     jim at owasp.org
>     www.owasp.org
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
This is a very nice view Jim. Great stuff. Clearly shows where the 
issues are to less knowledgeable people like me.

Regards

Jason