Difference between revisions of "Category:OWASP Learn About Encoding Project"

From OWASP
Jump to: navigation, search
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[:Key Project Information:OWASP Learn About Encoding Project|Click here to see (& edit, if wanted) the project's template.]]
+
{{ ProjectTabs |
{{:Key Project Information:OWASP Learn About Encoding Project}}
+
Proj_About=
  
 +
<br> '''Preamble'''
  
{{ ProjectTabs |
 
Proj_About =
 
'''Preamble'''
 
----
 
 
Starting with projects such as overtime  
 
Starting with projects such as overtime  
* [[XSS (Cross Site Scripting) Prevention Cheat Sheet]]
 
* [http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/org/owasp/esapi/codecs/?r=364 ESAPI Codecs and Encoder]
 
  
The "OWASP Learn About Encoding Project" has not discovered anything new, but rather wants to emphasize  
+
*'''[[XSS (Cross Site Scripting) Prevention Cheat Sheet]]'''
the importance of input sanitize and output escaping. In the network there are often errors in the visualization  
+
*[http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/org/owasp/esapi/codecs/?r=364 '''ESAPI Codecs and Encoder''']
of pages: you see question marks (?) where it should be accented letters, there are strange characters (i.e. A+tilde,  
+
 
A+umlauts) where this should be the "euro" character, and so way. Not only that: but there are communication channels  
+
The "OWASP Learn About Encoding Project" has not discovered anything new, but rather wants to emphasize the importance of input sanitize and output escaping. In the network there are often errors in the visualization of pages: you see question marks (?) where it should be accented letters, there are strange characters (i.e. A+tilde, A+umlauts) where this should be the "euro" character, and so way. Not only that: but there are communication channels that allow the exchange of characters not properly controlled: i.e. sms messages, chat messages, voip client, ecc.. often contain values are not consistent.  
that allow the exchange of characters not properly controlled: i.e. sms messages, chat messages, voip client, ecc..  
+
often contain values are not consistent.
+
  
 
The use of proper Charset is essential for  
 
The use of proper Charset is essential for  
* integrity of the data: if we take in input some characters, we want to "see" the same characters in output
 
* the prevention of the problem of Canonicalization: the knowledge of Charsets is the first thing to do
 
  
 +
*integrity of the data: if we take in input some characters, we want to "see" the same characters in output
 +
*the prevention of the problem of Canonicalization: the knowledge of Charsets is the first thing to do
  
'''Goal'''
+
<br> '''Goal'''  
----
+
This is a project that aims to educate developers, systems analysts or anyone who writes code regarding the knowledge
+
of proper use of Charset and Canonicalization. The project will seek to give a comprehensive response by crossing one
+
another most scenarios highlighting the roles of key players (browser, operating system, database, etc. ..).
+
+
To achieve this goal we decided to create a tool in three different formats:
+
  
* web application
+
This is a project that aims to educate developers, systems analysts or anyone who writes code regarding the knowledge of proper use of Charset and Canonicalization. The project will seek to give a comprehensive response by crossing one another most scenarios highlighting the roles of key players (browser, operating system, database, etc. ..).
* swing application
+
* shell tool
+
  
|
+
To achieve this goal we decided to create a tool in three different formats:
  
 +
*web application
 +
*swing application
 +
*shell tool
  
Proj_Documentation=
+
<br>
'''Roadmap'''
+
----
+
Detailed roadmap for future developments:
+
  
01/03/09 : Startup
+
|
  
01/03/09 - 15/03/09 : Project Goal Definition
+
Proj_Documentation=
  
16/03/09 - 31/03/09 : Project Architecture Definition
+
<br>'''Why do I have to understand about encoding?'''
 +
<br>'''Why do I have to understand about charset?'''
 +
 +
<br> You can find [http://code.google.com/p/learn-about-encoding/w/list '''here'''] some wiki documents.
  
01/04/09 - 31/06/09 : Code Development
+
<br>
  
01/07/09 : Alpha release
+
====Download====
 +
<br> The project is hosted by Google Code [http://code.google.com/p/learn-about-encoding '''here''']
 +
<br> You can download the source code from [http://code.google.com/p/learn-about-encoding/source/checkout '''here'''].
  
05/07/09 - 30/07/09 : Bug Fixing
+
<br>
 +
<!--
 +
====Project Information====
 +
{{:Key Project Information:OWASP Learn About Encoding Project}}
 +
-->
 +
==== Project Details ====
 +
{{:GPC Project Details/OWASP Learn About Encoding Project | OWASP Project Identification Tab}}
  
01/08/09 - 30/10/09 : Project Development - enhancement, new features
 
  
01/11/09 : Beta release
+
|
 +
Proj_Mail =
 +
<br>
 +
'''A Java security improvement'''
  
02/11/09 - 30/11/09 : Bug Fixing
+
http://blogs.sun.com/CoreJavaTechTips/entry/the_overhaul_of_java_utf
  
|
+
<br>
 
+
Proj_Mail= http://blogs.sun.com/CoreJavaTechTips/entry/the_overhaul_of_java_utf
+
  
 
|
 
|
 
+
Proj_Contributors =
Proj_Contributors= send an email to Project Leader
+
<br>
 
+
The project hasn't yet a contributor.
 +
<br>If you want to become a contributor start from mailing list:
 +
<br>[https://lists.owasp.org/mailman/listinfo/owasp-learn-about-encoding '''Subscribe here''']
 +
<br>[mailto:owasp-learn-about-encoding@lists.owasp.org '''Use here''']
  
 
}}
 
}}
 
+
''Content license:Creative Commons 3.0 BY-SA - Code license:GNU Lesser General Public License''
 
+
[[Category:OWASP_Project|Learn About Encoding Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool]]
[[Category:OWASP Project]]
+
[[Category:OWASP Tool]]
+
[[Category:OWASP Alpha Quality Tool]]
+

Latest revision as of 17:31, 19 October 2009

About


Preamble

Starting with projects such as overtime

The "OWASP Learn About Encoding Project" has not discovered anything new, but rather wants to emphasize the importance of input sanitize and output escaping. In the network there are often errors in the visualization of pages: you see question marks (?) where it should be accented letters, there are strange characters (i.e. A+tilde, A+umlauts) where this should be the "euro" character, and so way. Not only that: but there are communication channels that allow the exchange of characters not properly controlled: i.e. sms messages, chat messages, voip client, ecc.. often contain values are not consistent.

The use of proper Charset is essential for

  • integrity of the data: if we take in input some characters, we want to "see" the same characters in output
  • the prevention of the problem of Canonicalization: the knowledge of Charsets is the first thing to do


Goal

This is a project that aims to educate developers, systems analysts or anyone who writes code regarding the knowledge of proper use of Charset and Canonicalization. The project will seek to give a comprehensive response by crossing one another most scenarios highlighting the roles of key players (browser, operating system, database, etc. ..).

To achieve this goal we decided to create a tool in three different formats:

  • web application
  • swing application
  • shell tool


FAQ


Why do I have to understand about encoding?
Why do I have to understand about charset?


You can find here some wiki documents.


Download


The project is hosted by Google Code here
You can download the source code from here.


Project Details

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Learn About Encoding Project

Purpose: This is a project that aims to educate developers, systems analysts or anyone who writes code regarding the knowledge of proper use of Charset and Canonicalization. The project will seek to give a comprehensive response by crossing one another most scenarios highlighting the roles of key players.

License: Creative Commons Attribution Share Alike 3.0

who is working on this project?
Project Leader: Federico Casani

Project Maintainer: Andrea Zonzin

Project Contributor(s):

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: To view, click here

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Federico Casani to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
First Release - Unknown Date - (download)

Release Leader: Andrea Zonzin

Release details: Main links, release roadmap and assessment

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0


News


A Java security improvement

http://blogs.sun.com/CoreJavaTechTips/entry/the_overhaul_of_java_utf


Contributors/Users


The project hasn't yet a contributor.
If you want to become a contributor start from mailing list:
Subscribe here
Use here


Content license:Creative Commons 3.0 BY-SA - Code license:GNU Lesser General Public License

This category currently contains no pages or media.