Difference between revisions of "Summit 2011 Working Sessions/Session027"

(Undo revision 99430 by Sarah Baso (Talk))
m
 
(11 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
 
|-
 
|-
 +
 +
| summit_session_attendee_name1 =
 +
| summit_session_attendee_email1 =
 +
| summit_session_attendee_username1 =
 +
| summit_session_attendee_company1=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
 +
 +
| summit_session_attendee_name2 = Justin Clarke
 +
| summit_session_attendee_email2 = [email protected]
 +
| summit_session_attendee_username2 =
 +
| summit_session_attendee_company2= Gotham Digital Science
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
 +
 +
| summit_session_attendee_name3 = Abraham Kang
 +
| summit_session_attendee_email3 =
 +
| summit_session_attendee_username3 =
 +
| summit_session_attendee_company3=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=
 +
 +
| summit_session_attendee_name4 =
 +
| summit_session_attendee_email4 =
 +
| summit_session_attendee_username4 =
 +
| summit_session_attendee_company4=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
 +
 +
| summit_session_attendee_name5 =
 +
| summit_session_attendee_email5 =
 +
| summit_session_attendee_username5 =
 +
| summit_session_attendee_company5=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
 +
 +
| summit_session_attendee_name6 =
 +
| summit_session_attendee_email6 =
 +
| summit_session_attendee_username6 =
 +
| summit_session_attendee_company6=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
 +
 +
| summit_session_attendee_name7 =
 +
| summit_session_attendee_email7 =
 +
| summit_session_attendee_username7 =
 +
| summit_session_attendee_company7=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
 +
 +
| summit_session_attendee_name8 =
 +
| summit_session_attendee_email8 =
 +
| summit_session_attendee_username8 =
 +
| summit_session_attendee_company8=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
 +
 +
| summit_session_attendee_name9 =
 +
| summit_session_attendee_email9 =
 +
| summit_session_attendee_username9 =
 +
| summit_session_attendee_company9=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
 +
 +
| summit_session_attendee_name10 =
 +
| summit_session_attendee_email10 =
 +
| summit_session_attendee_username10 =
 +
| summit_session_attendee_company10=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
 +
 +
| summit_session_attendee_name11 =
 +
| summit_session_attendee_email11 =
 +
| summit_session_attendee_username11 =
 +
| summit_session_attendee_company11=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
 +
 +
| summit_session_attendee_name12 =
 +
| summit_session_attendee_email12 =
 +
| summit_session_attendee_username12 =
 +
| summit_session_attendee_company12=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
 +
 +
| summit_session_attendee_name13 =
 +
| summit_session_attendee_email13 =
 +
| summit_session_attendee_username13 =
 +
| summit_session_attendee_company13=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
 +
 +
| summit_session_attendee_name14 =
 +
| summit_session_attendee_email14 =
 +
| summit_session_attendee_username14 =
 +
| summit_session_attendee_company14=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=
 +
 +
| summit_session_attendee_name15 =
 +
| summit_session_attendee_email15 =
 +
| summit_session_attendee_username15 =
 +
| summit_session_attendee_company15=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
 +
 +
| summit_session_attendee_name16 =
 +
| summit_session_attendee_email16 =
 +
| summit_session_attendee_username16 =
 +
| summit_session_attendee_company16=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
 +
 +
| summit_session_attendee_name17 =
 +
| summit_session_attendee_email17 =
 +
| summit_session_attendee_username17 =
 +
| summit_session_attendee_company17=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
 +
 +
| summit_session_attendee_name18 =
 +
| summit_session_attendee_email18 =
 +
| summit_session_attendee_username18 =
 +
| summit_session_attendee_company18=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
 +
 +
| summit_session_attendee_name19 =
 +
| summit_session_attendee_email19 =
 +
| summit_session_attendee_username19 =
 +
| summit_session_attendee_company19=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
 +
 +
| summit_session_attendee_name20 =
 +
| summit_session_attendee_email20 =
 +
| summit_session_attendee_username20 =
 +
| summit_session_attendee_company20=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
 +
 +
|-
 +
| summit_track_logo = [[Image:T._secure_coding.jpg]]
 +
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]
 
| summit_session_name = Contextual Output Encoding
 
| summit_session_name = Contextual Output Encoding
 
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027
 
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027
 +
| mailing_list =
 
|-
 
|-
  
| short_working_session_description= This working session will demonstrate the ESAPI encoding library protecting applications from a variety of different injection attack vectors, including XSS and XML injection.
+
| short_working_session_description=This session will focus on making existing output encoding codecs better as well as creating new codecs to address additional output encoding contexts.
 
 
 
|-
 
|-
  
| related_project_name1 =  
+
| related_project_name1 = ESAPI
| related_project_url_1 =  
+
| related_project_url_1 = http://www.esapi.org
  
 
| related_project_name2 =  
 
| related_project_name2 =  
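Review bot: the added attendee parameters `summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1` through `...discussed20` contain a comma and a literal space before "discussed", while every other parameter in this template call uses underscores only. A name like this is easy to mistype and will fail silently if the template expects a different spelling, so confirm it matches the template definition character for character, or rename it in both places to an underscore-only form.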
Line 26: Line 150:
 
|-
 
|-
  
| summit_session_objective_name1= Provide real-world examples of the ESAPI encoder class stopping injection attacks.
+
| summit_session_objective_name1 = Increase coverage and functionality of existing Output Encoding Codecs
  
| summit_session_objective_name2 =  
+
| summit_session_objective_name2 = Create new codecs to cover more output encoding contextual needs
  
| summit_session_objective_name3 =  
+
| summit_session_objective_name3 = Introduce these codecs in a way that doesn't interfere with ESAPI Modularization Tasks
  
| summit_session_objective_name4 =  
+
| summit_session_objective_name4 = Draft an implementation guide for Application Framework Developers to implement ESAPI Output Encoding into their Application Frameworks
  
 
| summit_session_objective_name5 =   
 
| summit_session_objective_name5 =   
Line 54: Line 178:
 
|-
 
|-
  
|summit_session_deliverable_name1 =  
+
|summit_session_deliverable_name1 = Increase coverage and functionality of existing Output Encoding Codecs
|summit_session_deliverable_url_1 =
 
  
|summit_session_deliverable_name2 =  
+
|summit_session_deliverable_name2 = New drop in set of codecs for the ESAPI Encoder to use for additional contexts
|summit_session_deliverable_url_2 =
 
  
|summit_session_deliverable_name3 =  
+
|summit_session_deliverable_name3 = Implementation Guide for Framework Developers to integrate Output Encoding into their Application Framework. This should be a simple guide that can be distributed en masse to framework developers as a push to get them involved in making their frameworks more secure by eliminating XSS.
|summit_session_deliverable_url_3 =
 
  
 
|summit_session_deliverable_name4 =  
 
|summit_session_deliverable_name4 =  
|summit_session_deliverable_url_4 =
 
  
 
|summit_session_deliverable_name5 =  
 
|summit_session_deliverable_name5 =  
|summit_session_deliverable_url_5 =  
+
 
 +
|summit_session_deliverable_name6 =
 +
 
 +
|summit_session_deliverable_name7 =
 +
 
 +
|summit_session_deliverable_name8 =  
  
 
|-
 
|-
  
| summit_session_leader_name1 = Jim Manico
+
| summit_session_leader_name1 = Chris Schmidt
| summit_session_leader_email1 = jim.manico@owasp.org
+
| summit_session_leader_email1 = chris.schmidt@owasp.org
| summit_session_leader_wiki_username1 = jmanico
 
  
 
| summit_session_leader_name2 =  
 
| summit_session_leader_name2 =  
 
| summit_session_leader_email2 =  
 
| summit_session_leader_email2 =  
| summit_session_leader_wiki_username2 =
+
| summit_session_leader_username2 =  
  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_email3 =  
 
| summit_session_leader_email3 =  
| summit_session_leader_wiki_username3 =
+
| summit_session_leader_username3 =  
  
 
|-
 
|-
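Review bot: in the leader block, `summit_session_leader_wiki_username1 = jmanico` is removed with no replacement, while the fields for leaders 2 and 3 are renamed to `summit_session_leader_username2` and `summit_session_leader_username3`. If the template now reads the `_username` form, add `| summit_session_leader_username1 =` for the new leader so the first leader's wiki username is not dropped from the rendered page. Separately, `summit_session_deliverable_name1` repeats objective 1 word for word; a deliverable entry would be clearer if it named the artifact to be produced.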
Line 87: Line 211:
 
| operational_leader_name1 =
 
| operational_leader_name1 =
 
| operational_leader_email1 =
 
| operational_leader_email1 =
| operational_leader_wiki_username1 =  
+
| operational_leader_username1 =  
  
 
|-
 
|-
 
| summit_session_attendee_name1 =
 
| summit_session_attendee_email1 =
 
| summit_session_attendee_wiki_username1 =
 
 
| summit_session_attendee_name2 =
 
| summit_session_attendee_email2 =
 
| summit_session_attendee_wiki_username2 =
 
 
| summit_session_attendee_name3 =
 
| summit_session_attendee_email3 =
 
| summit_session_attendee_wiki_username3 =
 
 
| summit_session_attendee_name4 =
 
| summit_session_attendee_email4 =
 
| summit_session_attendee_wiki_username4 =
 
 
| summit_session_attendee_name5 =
 
| summit_session_attendee_email5 =
 
| summit_session_attendee_wiki_username5 =
 
 
| summit_session_attendee_name6 =
 
| summit_session_attendee_email6 =
 
| summit_session_attendee_wiki_username6 =
 
 
| summit_session_attendee_name7 =
 
| summit_session_attendee_email7 =
 
| summit_session_attendee_wiki_username7 =
 
 
| summit_session_attendee_name8 =
 
| summit_session_attendee_email8 =
 
| summit_session_attendee_wiki_username8 =
 
 
| summit_session_attendee_name9 =
 
| summit_session_attendee_email9 =
 
| summit_session_attendee_wiki_username9 =
 
 
| summit_session_attendee_name10 =
 
| summit_session_attendee_email10 =
 
| summit_session_attendee_wiki_username10 =
 
 
| summit_session_attendee_name11 =
 
| summit_session_attendee_email11 =
 
| summit_session_attendee_wiki_username11 =
 
 
| summit_session_attendee_name12 =
 
| summit_session_attendee_email12 =
 
| summit_session_attendee_wiki_username12 =
 
 
| summit_session_attendee_name13 =
 
| summit_session_attendee_email13 =
 
| summit_session_attendee_wiki_username13 =
 
 
| summit_session_attendee_name14 =
 
| summit_session_attendee_email14 =
 
| summit_session_attendee_wiki_username14 =
 
 
| summit_session_attendee_name15 =
 
| summit_session_attendee_email15 =
 
| summit_session_attendee_wiki_username15 =
 
 
| summit_session_attendee_name16 =
 
| summit_session_attendee_email16 =
 
| summit_session_attendee_wiki_username16 =
 
 
| summit_session_attendee_name17 =
 
| summit_session_attendee_email17 =
 
| summit_session_attendee_wiki_username17=
 
 
| summit_session_attendee_name18 =
 
| summit_session_attendee_email18 =
 
| summit_session_attendee_wiki_username18 =
 
 
| summit_session_attendee_name19 =
 
| summit_session_attendee_email19 =
 
| summit_session_attendee_wiki_username19 =
 
 
| summit_session_attendee_name20 =
 
| summit_session_attendee_email20 =
 
| summit_session_attendee_wiki_username20 =
 
 
|-
 
 
 
| meeting_notes =  
 
| meeting_notes =  
  

Latest revision as of 04:11, 3 February 2011

Contextual Output Encoding
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description This session will focus on making existing output encoding codecs better as well as creating new codecs to address additional output encoding contexts.
Related Projects (if any)


Email Contacts & Roles
Chair
Chris Schmidt

Operational Manager
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. Increase coverage and functionality of existing Output Encoding Codecs
  2. Create new codecs to cover more output encoding contextual needs
  3. Introduce these codecs in a way that doesn't interfere with ESAPI Modularization Tasks
  4. Draft an implementation guide for Application Framework Developers to implement ESAPI Output Encoding into their Application Frameworks

Venue/Date&Time/Model Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

Increase coverage and functionality of existing Output Encoding Codecs

After the Board Meeting - fill in here.

New drop in set of codecs for the ESAPI Encoder to use for additional contexts

After the Board Meeting - fill in here.

Implementation Guide for Framework Developers to integrate Output Encoding into their Application Framework. This should be a simple guide that can be distributed en masse to framework developers as a push to get them involved in making their frameworks more secure by eliminating XSS.

After the Board Meeting - fill in here.

Working Session Participants

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed



Justin Clarke
Gotham Digital Science

Abraham Kang