
Difference between revisions of "Summit 2011 Working Sessions/Session009/Deliverable 3"

(Suggest CSP friendliness as a criteria)
Line 4: Line 4:
  
 
To be filled in.
 
To be filled in.
 +
 +
I'm remote, but just wanted to suggest that Content Security Policy is a significantly game changing technology that it should be discussed also.
 +
For CSP to be effective, the [http://en.wikipedia.org/wiki/Unobtrusive_JavaScript Unobtrusive Javascript] paradigm must be adopted by the frameworks.  This should be part of any recomendation produced by this body.
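Review bot: the last added line asks frameworks to adopt Unobtrusive JavaScript but gives nothing a framework could be measured against, while the edit summary proposes CSP friendliness as a criterion. Suggest naming what rendered output must not contain (inline script blocks, inline event-handler attributes, `javascript:` URLs) so the point can be checked. Also in that line, "recomendation" should read "recommendation".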

Revision as of 19:35, 8 February 2011

Deliverable 3

White paper or standard for what we want the web frameworks to provide in terms of XSS defenses. Turning the XSS Prevention Cheat Sheet into a standard/metric for frameworks would be great.

To be filled in.

I'm remote, but just wanted to suggest that Content Security Policy is such a significantly game-changing technology that it should be discussed also. For CSP to be effective, the Unobtrusive JavaScript paradigm must be adopted by the frameworks. This should be part of any recommendation produced by this body.
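One way to turn "CSP friendliness" into something a framework's test suite can check, as an added example that is not part of the original wiki page or the commenter's text: the scan below flags the inline scripts, inline event handlers and `javascript:` URLs that a policy such as `script-src 'self'` refuses to execute. The function names, the sample markup and the policy string are assumptions made for illustration, and the regex scan is approximate.

```javascript
// Added example (not from the wiki page): approximate, regex-based scan of
// rendered HTML for constructs that a policy such as
//   Content-Security-Policy: script-src 'self'
// refuses to run. A production check should use a real HTML parser.

// Constructed sample: one "Save" link rendered two ways by a hypothetical framework.
const OBTRUSIVE = `
<a href="javascript:void(0)" onclick="save(42)">Save</a>
<script>var userId = 42;</script>
<script src="/static/app.js"></script>`;

// Unobtrusive form: markup carries only data; /static/app.js (assumed) attaches
// the click handler with addEventListener, so nothing inline needs to execute.
const UNOBTRUSIVE = `
<a href="/save" class="js-save" data-id="42">Save</a>
<script src="/static/app.js"></script>`;

function findCspViolations(html) {
  const findings = [];
  const tagRe = /<([a-zA-Z][\w-]*)(\s[^>]*)?>/g; // opening tags only
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2] || "";
    // Inline event handlers: onclick=, onload=, ... (data-on*= is not matched)
    for (const h of attrs.matchAll(/\s(on[a-z]+)\s*=/gi)) {
      findings.push({ kind: "inline-handler", tag, detail: h[1].toLowerCase() });
    }
    // javascript: URLs in navigable attributes
    if (/\s(?:href|src|action)\s*=\s*["']?\s*javascript:/i.test(attrs)) {
      findings.push({ kind: "javascript-url", tag, detail: "javascript:" });
    }
    // A <script> tag with no src attribute is an inline script block
    if (tag === "script" && !/\ssrc\s*=/i.test(attrs)) {
      findings.push({ kind: "inline-script", tag, detail: "no src attribute" });
    }
  }
  return findings;
}

// True when the markup contains nothing the policy above would block.
function isCspFriendly(html) {
  return findCspViolations(html).length === 0;
}

console.log(findCspViolations(OBTRUSIVE));
console.log("unobtrusive markup is CSP friendly:", isCspFriendly(UNOBTRUSIVE));
```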