Category:OWASP Learn About Encoding Project

Click here to see (& edit, if wanted) the project's template.

Preamble

Starting with projects such as overtime
 * XSS (Cross Site Scripting) Prevention Cheat Sheet
 * ESAPI Codecs and Encoder

The "OWASP Learn About Encoding Project" has not discovered anything new, but rather wants to emphasize the importance of input sanitize and output escaping. In the network there are often errors in the visualization of pages: you see question marks (?) where it should be accented letters, there are strange characters (i.e. A+tilde, A+umlauts) where this should be the "euro" character, and so way. Not only that: but there are communication channels that allow the exchange of characters not properly controlled: i.e. sms messages, chat messages, voip client, ecc.. often contain values are not consistent.

The use of proper Charset is essential for
 * integrity of the data: if we take in input some characters, we want to "see" the same characters in output
 * the prevention of the problem of Canonicalization: the knowledge of Charset is first thing to do

Goal

This is a project that aims to educate developers, systems analysts or anyone who writes code regarding the knowledge of proper use of Charset and Canonicalization. The project will seek to give a comprehensive response by crossing one another most scenarios highlighting the roles of key players (browser, operating system, database, etc. ..). To achieve this goal we decided to create a tool in three different formats:


 * web application
 * swing applcation
 * shell tool

Roadmap

Detailed roadmap for future developments:

01/03/09 : Startup

01/03/09 - 15/03/09 : Project Goal Definition

16/03/09 - 31/03/09 : Project Architecture Definition

01/04/09 - 31/06/09 : Code Development

01/07/09 : Alpha release

05/07/09 - 30/07/09 : Bug Fixing

01/08/09 - 30/10/09 : Project Development - enhancement, new feature

01/11/09 : Beta release

02/11/09 - 30/11/09 : Bug Fixing

Feedback