Top "Owasp" questions

The Open Web Application Security Project (OWASP) is an organization that wants to inform people about application security.

OWASP's ZAP and the Fuzz ability

My scenario: I navigate to a login page. I put in a known username with a bad password. ZAP picks …

owasp penetration-testing fuzzing security-testing zap
Owasp Zap Testing rest api

Is it possible to test a REST API via OWASP ZAP? URL to attack worked just for GET requests. For example, my …

rest api testing owasp zap
Adding security headers in response using spring security

I am using Spring Security version 3.2. I am adding headers such as X-Frame-Options and X-Content-Type-Options in the response headers of the authenticated request. &…

spring-security owasp
Error when using Esapi validation

I hope someone could help me with some issue. I'm using OWASP ESAPI 2.1.0 with JavaEE, to help me to validate …

java regex validation owasp esapi
Passing variables on the command line to a Cucumber test

I'm trying to keep usernames and passwords for a cucumber project out of version control. Is there a way to …

ruby cucumber owasp
Installing OWASP’s WebScarab

I am following a book named "Web Security Testing Cookbook.pdf" (O'REILLY) by Paco Hope & Ben Walther. For installing …

owasp webscarab
How to allow specific characters with OWASP HTML Sanitizer?

I am using the OWASP Html Sanitizer to prevent XSS attacks on my web app. For many fields that should …

java security xss sanitization owasp
ESAPI XSS prevention for user supplied url property

One of my REST APIs is expecting a property "url" which expects a URL as input from the user. I …

java encoding xss owasp esapi
Why Url.IsLocalUrl is false for local URLs in ASP.NET MVC?

Mission: To prevent open redirection in an ASP.NET MVC 5 application. The story: The user is on some webpage of …

c# asp.net asp.net-mvc url-redirection owasp
Filtering upwards path traversal in Java (or Scala)

Are there any standard library methods that can filter out paths which include special traversal sequences, such as ../ and all …

java owasp secure-coding path-traversal