AppSecEU08 The OWASP Anti-Samy project
The OWASP Anti-Samy Project
User-generated rich content is increasingly necessary for websites to stay relevant in today's Internet. The problem with rich content is that it can carry attacks, most commonly cross-site scripting. Websites were faced with a dilemma: incorporate user-generated rich content and potentially expose their users to malicious content (along with the negative publicity that comes with it), or see users migrate to other, more feature-rich sites. The OWASP Anti-Samy Project was created by Arshan Dabirsiaghi as a tool to solve this dilemma by allowing websites to validate free-form, rich user content using a positive security model. This talk will demonstrate how Anti-Samy can be used to enable websites to include rich user content containing HTML and CSS while still protecting users from malicious content with a high degree of assurance. The talk will also update the community on improvements in the latest release and discuss the future roadmap for the project.
About the Speaker
Jason Li is a Senior Application Security Engineer at Aspect Security. His primary contribution to the OWASP Anti-Samy Project was the integration of cascading stylesheet validation. In addition to working on the Anti-Samy Project, Jason is currently working on the OWASP UI Component Verification Project.