Difference between revisions of "AppSecEU08 The OWASP Anti-Samy project"

From OWASP
(The OWASP Anti-Samy Project)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
= The OWASP Anti-Samy Project =
+
= About the Talk =
 
User generated rich content is increasingly necessary for websites to stay relevant in today's Internet. The problem with rich content is that it can contain malicious attacks - most commonly cross-site scripting attacks. Websites were faced with a dilemma: incorporate user generated rich content and potentially expose their users to malicious content (along with the negative publicity that comes with it) or see users migrate to other more featured sites. The [http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP Anti-Samy Project] was created by Arshan Dabirsiaghi as a tool to solve this dilemma by allowing websites to validate free form, rich user content in a positive manner. This talk will demonstrate how Anti-Samy can be used to enable websites to include rich user content that includes HTML and CSS while still protecting users from malicious content with a high degree of assurance. The talk will also update the community on improvements in the latest release and discuss the future roadmap for the project.
 
User generated rich content is increasingly necessary for websites to stay relevant in today's Internet. The problem with rich content is that it can contain malicious attacks - most commonly cross-site scripting attacks. Websites were faced with a dilemma: incorporate user generated rich content and potentially expose their users to malicious content (along with the negative publicity that comes with it) or see users migrate to other more featured sites. The [http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP Anti-Samy Project] was created by Arshan Dabirsiaghi as a tool to solve this dilemma by allowing websites to validate free form, rich user content in a positive manner. This talk will demonstrate how Anti-Samy can be used to enable websites to include rich user content that includes HTML and CSS while still protecting users from malicious content with a high degree of assurance. The talk will also update the community on improvements in the latest release and discuss the future roadmap for the project.
 +
 +
Slides are available [https://www.owasp.org/images/4/47/AppSecEU08-AntiSamy.ppt here].
  
 
= About the Speaker =
 
= About the Speaker =
  
 
Jason Li is a Senior Application Security Engineer at Aspect Security. His primary contribution to the [http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP Anti-Samy Project] was the integration of cascading stylesheet validation. In addition to working on the Anti-Samy Project, Jason is currently working on the [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#P028_-_OWASP_UI_Component_Verification_Project_.28a.k.a._OWASP_JSP_Testing_Tool.29 OWASP UI Component Verification Project].
 
Jason Li is a Senior Application Security Engineer at Aspect Security. His primary contribution to the [http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP Anti-Samy Project] was the integration of cascading stylesheet validation. In addition to working on the Anti-Samy Project, Jason is currently working on the [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#P028_-_OWASP_UI_Component_Verification_Project_.28a.k.a._OWASP_JSP_Testing_Tool.29 OWASP UI Component Verification Project].
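Review bot: The added slides line links to https://www.owasp.org/ while the three existing links in the talk and speaker paragraphs still use http://www.owasp.org/, so the revision leaves the page with mixed schemes. Consider switching the existing links to https in the same edit, and giving the slides link descriptive text instead of "here" so the target (a .ppt download) is clear before the reader follows it.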

Latest revision as of 18:22, 21 May 2008

About the Talk

User-generated rich content is increasingly necessary for websites to stay relevant on today's Internet. The problem with rich content is that it can carry attacks, most commonly cross-site scripting attacks. Websites were faced with a dilemma: incorporate user-generated rich content and potentially expose their users to malicious content (along with the negative publicity that comes with it), or see users migrate to other, more feature-rich sites. The OWASP Anti-Samy Project was created by Arshan Dabirsiaghi as a tool to solve this dilemma by allowing websites to validate free-form, rich user content in a positive manner. This talk will demonstrate how Anti-Samy can be used to enable websites to include rich user content that includes HTML and CSS while still protecting users from malicious content with a high degree of assurance. The talk will also update the community on improvements in the latest release and discuss the future roadmap for the project.

Slides are available here.

About the Speaker

Jason Li is a Senior Application Security Engineer at Aspect Security. His primary contribution to the OWASP Anti-Samy Project was the integration of cascading stylesheet validation. In addition to working on the Anti-Samy Project, Jason is currently working on the OWASP UI Component Verification Project.