Difference between revisions of "AppSecEU08 The OWASP Anti-Samy project"

From OWASP
Jump to: navigation, search
(New page: TBD by Jason)
 
Line 1: Line 1:
TBD by Jason
+
= The OWASP Anti-Samy Project =
 +
User generated rich content is increasingly necessary for websites to stay relevant in today's Internet. The problem with rich content is that it can contain malicious attacks - most commonly cross-site scripting attacks. Websites were faced with a dilemma: incorporate user generated rich content and potentially expose their users to malicious content (along with the negative publicity that comes with it) or see users migrate to other more featured sites. The OWASP Anti-Samy Project was created by Arshan Dabirsiaghi as a tool to solve this dilemma by allowing websites to validate free form, rich user content in a positive manner. This talk will demonstrate how Anti-Samy can be used to enable websites to include rich user content that includes HTML and CSS while still protecting users from malicious content with a high degree of assurance. The talk will also update the community on improvements in the latest release and discuss the future roadmap for the project.

Revision as of 21:15, 29 April 2008

The OWASP Anti-Samy Project

User generated rich content is increasingly necessary for websites to stay relevant in today's Internet. The problem with rich content is that it can contain malicious attacks - most commonly cross-site scripting attacks. Websites were faced with a dilemma: incorporate user generated rich content and potentially expose their users to malicious content (along with the negative publicity that comes with it) or see users migrate to other more featured sites. The OWASP Anti-Samy Project was created by Arshan Dabirsiaghi as a tool to solve this dilemma by allowing websites to validate free form, rich user content in a positive manner. This talk will demonstrate how Anti-Samy can be used to enable websites to include rich user content that includes HTML and CSS while still protecting users from malicious content with a high degree of assurance. The talk will also update the community on improvements in the latest release and discuss the future roadmap for the project.