Collaborate Disseminate
The new version of appscan is giving this vulnerability for using OWASP encoder and same with stringescapeutils and esapi also.
Can any one suggest some other alternative for this and need as quick as possible
I recently read that OWASP ESAPI will be discontinued and no longer be updated. Is there an alternative to OWASP ESAPI for Java and for Spring based Web Services?
Here I want to understand what if private API Documentation is exposed how can a hacker exploited the application as all the endpoints have authorization & authentication.
its is really going to be helpful for a hacker to exploit with … Continue reading How can API documentation helpful to exploit any application?
Checkmarx keeps throwing http response splitting of the following code:
public void getFile(HttpServletRequest request, HttpServletResponse response) {
String date = ESAPI.validator().getValidInput(“date”, request.getPar… Continue reading HTTP response splitting from Checkmarx scan
After performing Vera code scan on my code, a flaw was reported saying ” Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting – CWE ID 113’) on the below code.
public void writeCookies() {
… Continue reading NoClassDefFoundError encountered while fixing CRLF sequence in HttpHeader [migrated]
I noticed OWASP ESAPI hasn’t been updated in a while (minor update in 2016, and before 2013). Are there better alternatives to using it i.e. using a more maintained framework’s utilities for say escaping and validating user i… Continue reading Is OWASP ESAPI still the recommended way to secure JSP pages
I have just seen that the last release has been pushed out in 2009 and that raised my doubts.
Continue reading Is OWASP ESAPI .NET Edition really used? Is this project still alive?