Questions tagged [esapi]

The Enterprise Security API (ESAPI) is a library developed by the Open Web Application Security Project (OWASP). It is available for numerous languages, with the aim of providing the web-security-related features (input validation, output encoding, canonicalization, and similar) that those languages and their standard APIs lack.

ESAPI is part of the Open Web Application Security Project. Details are available on the ESAPI homepage. Currently the API is available for:

  • Java
  • .Net
  • Classic ASP
  • PHP
  • ColdFusion and CFML
  • Python
  • JavaScript
307 questions
0 votes, 0 answers

ESAPI: validation fails

I am using ESAPI security for my Java web application. There is one input type for which, when I submit the form, the validation fails. Is there any special care that should be taken for this kind of value?
0 votes, 2 answers

ESAPI implementation for spring form tags

How can we implement ESAPI output encoding in an application using Java and Spring MVC? I read many posts and saw this: <%@ page import="org.owasp.esapi.*" %>
user1609085
0 votes, 1 answer

How to implement Java ESAPI for preventing XSS?

I've read a lot of posts that ESAPI for Java can be used to prevent XSS by using Validator & Encoder. By the way, I am using Eclipse. I'm not using Maven nor Spring. My questions are: How to implement Java ESAPI for preventing XSS? Are there other…
Abel Callejo
0 votes, 1 answer

How to create a custom user in ESAPI

How can I create my own user class with additional properties in it? I tried to create my own user class by implementing the org.owasp.esapi.User interface and adding some extra properties. public class MyUserClass implements User{ then I tried this…
MBR
0 votes, 3 answers

How to use ESAPI to fix Resource Injection (URL) issues

I am new to the Stack Overflow forum. I have a question about remediating Fortify scan issues. The HP Fortify scan is reporting a Resource Injection issue for the following code. String testUrl = "http://google.com"; URL url = null; try { url = new…
mari muthu
0 votes, 0 answers

ClassCastException with org.owasp.esapi.logger when deploying with JBoss

I'm trying to install JasperServer on a JBoss 7.1 server, and after a lot of trouble successfully deploying the .war I downloaded from their site, when I try to log in I get this exception: ERROR…
user1948708
0 votes, 1 answer

ESAPI.encoder().canonicalize(query) is not working properly

I have an input tag like this I tried using the ESAPI canonicalize function for a query like "> But it doesn't work and…
coderslay
0 votes, 2 answers

ESAPI encoding issue

We are trying to use ESAPI in our web app. We have the following function in a servlet. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { …
bhagyashree
0 votes, 1 answer

ESAPI properties file in Tomcat

I'm using ESAPI encryption in a Tomcat WAR application. I want to load the ESAPI.properties file from a directory outside of the WAR, in order to have a different key and salt for each environment. I also wish that each WAR will have a different…
Litom
0 votes, 1 answer

OWASP Top 10 - 4. Insecure Direct Object References - other way than ESAPI in JSF 1.2 + Java + Seam

Is there anything already integrated in JSF 1.2 or Seam 2.2.2 to prevent A4 Insecure Direct Object References? I know the ESAPI functions to do it, but I don't want to include another framework in my project if it's not necessary. Is there anything…
Joergi
0 votes, 1 answer

Override ESAPI OWASP methods in Java

I am trying to override an existing method in the ESAPI OWASP library by using ESAPI.override(). Somehow it does not work; do you know why? Here is my code: public class AntiSamyDOMScannerExpansion extends AbstractAntiSamyScanner { //... public…
Blanca Hdez
0 votes, 2 answers

CloudBees & ESAPI - how do I point to the ESAPI directory?

I'm using ESAPI for my project, and added the ESAPI configuration directory to src/main/resources so it is copied to my WAR file (I downloaded the WAR from CloudBees, and I can see it was put in the WEB-INF/classes/esapi/ directory). Locally, I just point to…
TheZuck
0 votes, 1 answer

Regular expression for resume content

I need to accept resume content as text and process the content. Before processing, I thought of using ESAPI.validator().isValidInput to validate the resume content and confirm it doesn't contain malicious code. One of the parameters for…
Pramod CA
0 votes, 2 answers

encodeForJavaScript() with JSON.parse, doublequote woes

In CF (9.0.2 with esapi-2.0_rc10.jar):