The OWASP AntiSamy Project

<p>"Failure to Avoid Web 2.0" is one of CWE/SANS new highly respected, well-put together, professional, only "half plagiarized Top 25 Coding Errors." Everyone tries to avoid XSS (aka Web 2.0) in their own terrible way - being overly restrictive with input validation, performing total output encoding, building a blacklist, or utilizing hope and prayer. These approaches all either suck for business or suck for security.</p><p>AntiSamy uses a positive model for translating horribly broken, unsafe, malicious rich content from users and turning it into safe content without fearing of exposing its users to malicious code. Think of it as "a NoScript" API for web developers. We invite you to take a look at our approach, our rules, the history, and some interesting attacks we learned along the way.</p>

Presented by

Links