
Difference between revisions of "Summit 2011 Working Sessions/Session027"

Line 159: Line 159:
 
|-
 
|-
  
|summit_session_deliverable_name1 =  
+
|summit_session_deliverable_name1 = A clear and concise user guide for getting ESAPI encoding up and running.
|summit_session_deliverable_url_1 =  
+
|summit_session_deliverable_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_1
  
|summit_session_deliverable_name2 =  
+
|summit_session_deliverable_name2 = An XSS-Proofing Guideline for UI framework developers on how to ensure proper contextual context encoding for browsers.  The goal should be XSS is IMPOSSIBLE in their application.
|summit_session_deliverable_url_2 =  
+
|summit_session_deliverable_url_2 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_2
  
|summit_session_deliverable_name3 =  
+
|summit_session_deliverable_name3 = An open letter and offer of support to framework developers to think about their security and consider what is available in ESAPI.
|summit_session_deliverable_url_3 =  
+
|summit_session_deliverable_url_3 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027/Deliverable_3
  
 
|summit_session_deliverable_name4 =  
 
|summit_session_deliverable_name4 =  
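Review bot: The new value for summit_session_deliverable_name2 reads "proper contextual context encoding", which repeats "context"; the session itself is titled "Contextual Output Encoding", so "contextual output encoding" looks like the intended wording. The same value has a double space before "The goal" and states the goal as "XSS is IMPOSSIBLE in their application", which would be easier to verify as a deliverable if it named what the guideline has to cover, for example each browser context the framework writes output into.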

Revision as of 00:29, 24 January 2011


Contextual Output Encoding
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description This working session will demonstrate the ESAPI encoding library protecting applications from a variety of different injection attack vectors, including XSS and XML injection.
Related Projects (if any)


Email Contacts & Roles Chair
Jim Manico

Operational Manager
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. Provide real-world examples of the ESAPI encoder class stopping injection attacks.

Venue/Date&Time/Model Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A clear and concise user guide for getting ESAPI encoding up and running.

After the Board Meeting - fill in here.

An XSS-Proofing Guideline for UI framework developers on how to ensure proper contextual context encoding for browsers. The goal should be XSS is IMPOSSIBLE in their application.

After the Board Meeting - fill in here.

An open letter and offer of support to framework developers to think about their security and consider what is available in ESAPI.

After the Board Meeting - fill in here.


Working Session Participants

(Add your name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
Colin Watson


Chris Schmidt
Aspect Security

Justin Clarke
Gotham Digital Science