Top "Owasp" questions

The Open Web Application Security Project (OWASP) is an organization that wants to inform people about application security.

How to sanitize inputs

I am willing to use "OWASP ESAPI for Java" to sanitize users' inputs when they submit forms in a Tomcat …

java input sanitize owasp esapi
OWASP ESAPI simpleTest in a Maven Java EE project

I have a little JavaEE project, and I have to secure it with the OWASP ESAPI. I integrated the ESAPI …

security jakarta-ee maven owasp esapi
OWASP-ESAPI logger help needed

In my current project I am using Maven and Spring. I am currently using SLF4J logger for logging services. …

logging owasp esapi
What is x-Application-Context header?

What does this response header (x-Application-Context) stand for? Is it specific to Spring framework? What does the below header mean? …

security web spring-boot owasp
How to use JSON Sanitizer at Server Side?

I want to implement the 'JSON Sanitizer' validation as mentioned by OWASP. My understanding is that this needs to be …

json owasp input-sanitization jsonexception
Why/How is `value="javascript:alert(1)"` considered an XSS vulnerability in OWASP's ZAP tool?

The results for OWASP's ZAP has been very useful for eliminating vulnerable parts of my website. However, I've found a …

php javascript xss owasp
Where is the ESAPI documentation located?

I'm interested in ESAPI to use in a production environment. Is there any official documentation on how to set up properly …

owasp esapi
OWASP top ten attacks and Spring Security

I am evaluating security for my web application. As I am using Spring in my web application I would like …

spring-security owasp
How to use Encode.forHtml() in a JavaScript file?

I need to use the Encode.forHtml() in a js file. I'm using the jar recommended by OWASP - encoder-1.2.…

javascript xss owasp esapi cross-site
How to fix 'Disable XML external entity (XXE) processing' vulnerabilities in Java

I ran my Java code against SonarQube and I got 'Disable XML external entity (XXE) processing' as vulnerability. I spent …

java xml sonarqube owasp