Difference between revisions of "Summit 2011 Working Sessions/Session027"

Line 7: Line 7:
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
  
| summit_session_attendee_name2 = Chris Schmidt
+
| summit_session_attendee_name2 =  
| summit_session_attendee_email2 = [email protected]
+
| summit_session_attendee_email2 =  
| summit_session_attendee_company2=Aspect Security
+
| summit_session_attendee_company2=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
  
Line 110: Line 110:
 
|-
 
|-
  
| short_working_session_description= This working session will demonstrate the ESAPI encoding library protecting applications from a variety of different injection attack vectors, including XSS and XML injection.
+
| short_working_session_description=This session will focus on making existing output encoding codecs better as well as creating new codecs to address additional output encoding contexts.
 
 
 
|-
 
|-
  
| related_project_name1 =  
+
| related_project_name1 = ESAPI
| related_project_url_1 =  
+
| related_project_url_1 = http://www.esapi.org
  
 
| related_project_name2 =  
 
| related_project_name2 =  
Line 131: Line 130:
 
|-
 
|-
  
| summit_session_objective_name1= Provide real-world examples of the ESAPI encoder class stopping injection attacks.
+
| summit_session_objective_name1 = Increase coverage and functionality of existing Output Encoding Codecs
  
| summit_session_objective_name2 =  
+
| summit_session_objective_name2 = Create new codecs to cover more output encoding contextual needs
  
| summit_session_objective_name3 =  
+
| summit_session_objective_name3 = Introduce these codecs in a way that doesn't interfere with ESAPI Modularization Tasks
  
| summit_session_objective_name4 =  
+
| summit_session_objective_name4 = Draft an implementation guide for Application Framework Developers to implement ESAPI Output Encoding into their Application Frameworks
  
 
| summit_session_objective_name5 =   
 
| summit_session_objective_name5 =   
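Review bot: objective_name2 ("Create new codecs to cover more output encoding contextual needs") does not say which output contexts are in scope, and neither does the new short_working_session_description. Suggest listing the target contexts in the objective so that the session can be judged complete against a concrete list. objective_name3 would also benefit from a link to the "ESAPI Modularization Tasks" it refers to.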
Line 159: Line 158:
 
|-
 
|-
  
|summit_session_deliverable_name1 = A clear and concise user guide for getting ESAPI encoding up and running.
+
|summit_session_deliverable_name1 = Increase coverage and functionality of existing Output Encoding Codecs
 
|summit_session_deliverable_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_1
 
|summit_session_deliverable_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_1
  
|summit_session_deliverable_name2 = An XSS-Proofing Guideline for UI framework developers on how to ensure proper contextual context encoding for browsers.  The goal should be XSS is IMPOSSIBLE in their application.
+
|summit_session_deliverable_name2 = New drop in set of codecs for the ESAPI Encoder to use for additional contexts
 
|summit_session_deliverable_url_2 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_2
 
|summit_session_deliverable_url_2 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_2
  
|summit_session_deliverable_name3 = An open letter and offer of support to framework developers to think about their security and consider what is available in ESAPI.
+
|summit_session_deliverable_name3 = Implementation Guide for Framework Developers to integrate Output Encoding into their Application Framework. This should be a simple guide that can be distributed en masse to framework developers as a push to get them involved in making their frameworks more secure by eliminating XSS.
 
|summit_session_deliverable_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_3
 
|summit_session_deliverable_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_3
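Review bot: the new summit_session_deliverable_name1 repeats summit_session_objective_name1 word for word ("Increase coverage and functionality of existing Output Encoding Codecs"), so it states a goal rather than something that can be handed over. Suggest naming the artifact, for example the updated codecs and the tests that show the added coverage. The removed user guide for getting ESAPI encoding up and running has no direct replacement among the new deliverables. If that is intentional, say so on the discussion page.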
  
Line 176: Line 175:
 
|-
 
|-
  
| summit_session_leader_name1 = Jim Manico
+
| summit_session_leader_name1 = Chris Schmidt
| summit_session_leader_email1 = jim.manico@owasp.org
+
| summit_session_leader_email1 = chris.schmidt@owasp.org
  
 
| summit_session_leader_name2 =  
 
| summit_session_leader_name2 =  

Revision as of 19:17, 25 January 2011

Contextual Output Encoding
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description: This session will focus on making existing output encoding codecs better as well as creating new codecs to address additional output encoding contexts.
Related Projects (if any):

Email Contacts & Roles
Chair: Chris Schmidt
Operational Manager:
Mailing list: Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. Increase coverage and functionality of existing Output Encoding Codecs
  2. Create new codecs to cover more output encoding contextual needs
  3. Introduce these codecs in a way that doesn't interfere with ESAPI Modularization Tasks
  4. Draft an implementation guide for Application Framework Developers to implement ESAPI Output Encoding into their Application Frameworks

Venue/Date&Time/Model
Venue/Room: OWASP Global Summit Portugal 2011
Date & Time:
Discussion Model: participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group | Approved by OWASP Board
Increase coverage and functionality of existing Output Encoding Codecs | After the Board Meeting - fill in here.
New drop in set of codecs for the ESAPI Encoder to use for additional contexts | After the Board Meeting - fill in here.
Implementation Guide for Framework Developers to integrate Output Encoding into their Application Framework. This should be a simple guide that can be distributed en masse to framework developers as a push to get them involved in making their frameworks more secure by eliminating XSS. | After the Board Meeting - fill in here.

Working Session Participants

Name | Company | Notes & reason for participating, issues to be discussed/addressed
Colin Watson | |
Justin Clarke | Gotham Digital Science |