
Difference between revisions of "Category:OWASP Encoding Project"

 
(22 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 +
{|
 +
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]
 +
| align="right" |
 +
 +
|}
 +
==== Main  ====
 +
 
== Overview ==
 
== Overview ==
  
Web applications face any number of threats; one of them is cross-site scripting and related injection attacks.  90% of all web applications contain cross-site scripting attacks because they are easy to introduce, and the proper tools are not always available to prevent them.  There is no good single library that provides all the functions required by developers to incorporate a fix into there code that will stand up to the test of time and continual research in the field.  The Reform library attempts to provide a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc).  The library also takes a conservative view of what are allowable characters based on historical vulnerabilities, and current injection techniques.
+
Web applications face any number of threats; one of them is cross-site scripting and related injection attacks.  90% of all web applications contain cross-site scripting vulnerabilities because they are easy to introduce, and the proper tools are not always available to prevent them.  The Reform library provides a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc).  The library also takes a conservative view of what are allowable characters based on historical vulnerabilities, and current injection techniques.
  
 
== Goals ==
 
== Goals ==
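Review bot: the new Overview line still states "90% of all web applications contain cross-site scripting vulnerabilities" with no source or date, and the same edit hardens "attempts to provide" into "provides a solid set of functions"; cite the figure or replace it with a qualitative statement, and consider keeping the hedged wording.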
Line 10: Line 21:
 
== Download ==
 
== Download ==
  
The most recent released version of Reform can be downloaded from [http://sourceforge.net/project/showfiles.php?group_id=149309].
+
[http://reform.googlecode.com/files/Reform-0.12.zip Reform-0.12.zip] (stable)
  
The latest code is also now being maintained in a Google Code repository [http://code.google.com/p/reform/]
+
The latest code is now being maintained in a [http://code.google.com/p/reform/ Google Code repository at http://code.google.com/p/reform/]
  
 
== Features ==
 
== Features ==
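Review bot: the added download line points at http://reform.googlecode.com/files/Reform-0.12.zip over plain HTTP and the page lists no checksum or signature for the archive; publish a SHA-256 digest next to the link so the file can be verified after download. On the repository line, the link label repeats its own URL ("Google Code repository at http://code.google.com/p/reform/"); the label "Google Code repository" alone is enough.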
Line 25: Line 36:
 
** Perl
 
** Perl
 
** JavaScript
 
** JavaScript
 +
** ASP
 
* Support for AJAX
 
* Support for AJAX
 
* Conservative approach
 
* Conservative approach
 
* Solves all current XSS techniques
 
* Solves all current XSS techniques
 +
* Full xUnit style test cases
  
 
== Future Development ==
 
== Future Development ==
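Review bot: the added "Full xUnit style test cases" bullet does not say which of the listed language ports the tests cover, including the ASP port added in this same hunk; name the covered ports or link the test directory. It also sits directly under the unchanged "Solves all current XSS techniques", which a reader may take the tests to prove; stating the encoding contexts the tests exercise would be more accurate.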
Line 52: Line 65:
 
== Project Contributors ==
 
== Project Contributors ==
  
Michael Eddington
+
[http://phed.org Michael Eddington]
  
 
== Project Sponsor ==
 
== Project Sponsor ==
Line 58: Line 71:
 
[http://leviathansecurity.com Leviathan Security Group, Inc.]
 
[http://leviathansecurity.com Leviathan Security Group, Inc.]
  
[[Category:OWASP Project]]
+
==== Project Details ====
 +
 
 +
[[Category:OWASP Project|Encoding Project]]
 +
[[Category:OWASP Download]]
 +
[[Category:OWASP Tool]]
 +
 
 +
{{:GPC Project Details/OWASP Encoding Project | OWASP Project Identification Tab}}
 +
 +
__NOTOC__ <headertabs />

Latest revision as of 19:48, 23 January 2014



[Banner image: OWASP Inactive Project]

Main

Overview

Web applications face any number of threats, among them cross-site scripting and related injection attacks. 90% of all web applications contain cross-site scripting vulnerabilities because they are easy to introduce, and the proper tools are not always available to prevent them. The Reform library provides a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript). The library also takes a conservative view of which characters are allowable, based on historical vulnerabilities and current injection techniques.
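An added example (not from the Reform code base or the original page) of the approach the overview describes: one allow-list, with every character off it escaped in the notation of the target context. The allow-list (letters, digits, space and `, . - _`) and all function names are assumptions chosen for illustration.

```javascript
// Assumed allow-list for illustration; not taken from the Reform sources.
const SAFE = /^[A-Za-z0-9 ,.\-_]$/;

// Walk the input by code point so astral characters are never split,
// keep allow-listed characters, and escape everything else.
function encodeWith(input, escapeFn) {
  let out = "";
  for (const ch of String(input)) {
    out += SAFE.test(ch) ? ch : escapeFn(ch.codePointAt(0), ch);
  }
  return out;
}

// HTML element content: decimal numeric character references.
function htmlEncode(input) {
  return encodeWith(input, (cp) => "&#" + cp + ";");
}

// HTML attribute value: as above, but space is escaped as well so the
// result cannot end an unquoted attribute. Escaped output contains no
// literal spaces, so the second pass only touches original spaces.
function htmlAttributeEncode(input) {
  return htmlEncode(input).replace(/ /g, "&#32;");
}

// JavaScript string literal: \xHH below U+0100, \uHHHH per UTF-16 code
// unit above it (astral characters become a surrogate pair). The result
// includes its own single quotes.
function jsStringEncode(input) {
  const hex = (n, width) => n.toString(16).toUpperCase().padStart(width, "0");
  const body = encodeWith(input, (cp, ch) => {
    if (cp < 0x100) return "\\x" + hex(cp, 2);
    return Array.from(ch, (_, i) => i)
      .concat(ch.length === 2 ? [1] : [])
      .map((i) => "\\u" + hex(ch.charCodeAt(i), 4))
      .join("");
  });
  return "'" + body + "'";
}

// Constructed sample input: quote, markup, Latin-1 and astral characters.
const sample = "O'Neil <b>\u00E9\u{1F600}";
console.log(htmlEncode(sample));
console.log(htmlAttributeEncode(sample));
console.log(jsStringEncode(sample));
```

The same input yields three different encodings; output encoded for one context is not safe to place in another.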

Goals

  • Provide tools needed by developers to mitigate canonicalization issues in web technologies.
  • Provide a solution that will not need to be patched (no security patches since release in 2004, private implementations in use since 2002).

Download

Reform-0.12.zip (stable)

The latest code is now being maintained in a Google Code repository at http://code.google.com/p/reform/

Features

  • Unicode support
  • Context specific functions (HTML, XML, JavaScript, etc)
  • Many supported languages
    • Java
    • .NET v1/v2
    • PHP
    • Python
    • Perl
    • JavaScript
    • ASP
  • Support for AJAX
  • Conservative approach
  • Solves all current XSS techniques
  • Full xUnit style test cases

Future Development

  • Ruby support
  • Java framework support
  • LDAP encoding functions
  • Add documentation on resolving XPath issues

News

OWASP Encoding Project Adopts Reform - 10:01, 8 November 2006 (EST)

OWASP is adopting the Reform Encoding Library as an OWASP project. We are currently in the process of moving over the source, downloads, and documentation.

OWASP Encoding Project Created! - 10:01, 8 November 2006 (EST)

The Open Web Application Security Project is proud to announce the OWASP Encoding Project!

Feedback and Participation:

We hope you find the OWASP Encoding Project useful. Please contribute to the Project by volunteering for one of the tasks or by sending your comments, questions, and suggestions to [email protected]. To join the OWASP Encoding Project mailing list or view the archives, please visit the subscription page.

Project Contributors

Michael Eddington

Project Sponsor

Leviathan Security Group, Inc.

Project Details


PROJECT INFO: What does this OWASP project offer you?

What is this project?

  • OWASP Encoding Project
  • Purpose: N/A
  • License: N/A

Who is working on this project?

  • Project Leader: N/A
  • Project Maintainer: Michael Eddington
  • Project Contributor(s): N/A

How can you learn more?

  • Project Pamphlet: N/A
  • 3x slide Project Presentation: N/A
  • Mailing list: N/A
  • Project Roadmap: N/A
  • Main links: N/A

Project Health: Not Reviewed (Provisional). To be reviewed under Assessment Criteria v2.0.

Key Contacts
  • Contact the GPC to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
