[Owasp-std] Moving security into the IDE: Automatic code patch

dinis cruz dinis.cruz at owasp.org
Mon Nov 7 06:11:04 EST 2011


On the topic of baking security into the developer's IDE and Frameworks,
here are two PoCs that show what this could look like:

   - The future of secure code? Fixing/Encoding .NET code in real time (in
     this case Response.Write)
     <http://diniscruz.blogspot.com/2011/11/future-of-secure-code-fixingencoding.html>
   - In ASP.NET, prevent XSS with automatic html encoding
     <http://diniscruz.blogspot.com/2011/11/in-aspnet-prevent-xss-with-automatic.html>


Btw, I'm working on an Eclipse Plug-in for TeamMentor, for which I will publish
the code soon. This first version is a simple Eclipse Plug-in that calls a
number of web pages (after some config steps), which could also be reused
as a PoC for an STD plug-in.

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2