This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AppSecEU08 The OWASP Anti-Samy project

From OWASP
Revision as of 02:25, 30 April 2008 by Jason Li (talk | contribs) (The OWASP Anti-Samy Project)

Jump to: navigation, search

About the Talk

User generated rich content is increasingly necessary for websites to stay relevant in today's Internet. The problem with rich content is that it can contain malicious attacks - most commonly cross-site scripting attacks. Websites were faced with a dilemma: incorporate user generated rich content and potentially expose their users to malicious content (along with the negative publicity that comes with it) or see users migrate to other more featured sites. The OWASP Anti-Samy Project was created by Arshan Dabirsiaghi as a tool to solve this dilemma by allowing websites to validate free form, rich user content in a positive manner. This talk will demonstrate how Anti-Samy can be used to enable websites to include rich user content that includes HTML and CSS while still protecting users from malicious content with a high degree of assurance. The talk will also update the community on improvements in the latest release and discuss the future roadmap for the project.

About the Speaker

Jason Li is a Senior Application Security Engineer at Aspect Security. His primary contribution to the OWASP Anti-Samy Project was the integration of cascading stylesheet validation. In addition to working on the Anti-Samy Project, Jason is currently working on the OWASP UI Component Verification Project.