Questions tagged [esapi]

The Enterprise Security API (ESAPI) is a library developed by the Open Web Application Security Project (OWASP). It is available for numerous languages and aims to provide web-security features (output encoding, input validation, security logging and the like) that those languages and their standard libraries do not offer themselves.

Details are available on the ESAPI homepage. Implementations exist for:

  • Java
  • .Net
  • Classic ASP
  • PHP
  • ColdFusion and CFML
  • Python
  • JavaScript
257 questions
20 votes, 10 answers

Trying to Use ESAPI But getting Error

I am trying to use ESAPI.jar for providing security to my web application. Basically I have just started using ESAPI.jar. But the problem is I am not able to run even a simple program using ESAPI. The small code snippet is: String clean =…
asked by AngelsandDemons
14 votes, 3 answers

OWASP ESAPI simpleTest in a Maven Java EE project

I have a little Java EE project, and I have to secure it with the OWASP ESAPI. I integrated the ESAPI like this in Maven: org.owasp.esapi esapi
asked by Joergi
13 votes, 5 answers

How to fix Veracode CWE 117 (Improper Output Neutralization for Logs)

There is a Spring global @ExceptionHandler(Exception.class) method which logs the exception like this: @ExceptionHandler(Exception.class) void handleException(Exception ex) { logger.error("Simple error message", ex); ... Veracode scan says that…
asked by Vitaliy Borisok
13 votes, 3 answers

Where can I find ESAPI.properties?

I am trying to use the OWASP ESAPI library in my web app to escape request parameters in JSPs as below: ESAPI.encoder().encodeForHTML(request.getParameter()). I have added esapi-2.1.0.jar under WEB-INF/lib but I get the below…
asked by Pro
10 votes, 1 answer

Howto sanitize inputs

I am willing to use "OWASP ESAPI for Java" to sanitize user input when they submit forms in a Tomcat webapp. I used to use org.apache.commons.lang.StringEscapeUtils like this: public static String myEscapeHtml(String s) { String…
asked by Léa Massiot
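As an added example that is not part of any question or answer on this page, here is how the two ESAPI mechanisms that the "Howto sanitize inputs" and "Where can I find ESAPI.properties?" questions touch on fit together: validation rejects input that does not match a declared rule, and encoding makes whatever is accepted safe for one specific output sink. It assumes the esapi jar is on the classpath together with ESAPI.properties and the default validation.properties (which defines the SafeString rule used below) in an esapi/ directory on the classpath; the class name, the context label "userName" and the sample payload are constructed for the illustration.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Validator;
import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.errors.ValidationException;

/**
 * Added example (not from the original page): input validation versus
 * context-specific output encoding with the OWASP ESAPI for Java.
 * Assumes ESAPI.properties and validation.properties are found on the classpath.
 */
public class EsapiEncodingDemo {

    // Constructed sample: a stored-XSS payload submitted through a form field.
    static final String UNTRUSTED = "<img src=x onerror=\"alert('x')\">";

    /**
     * Reject-at-input: the value must match the Validator.SafeString pattern
     * from validation.properties. "userName" is only a label used in log messages.
     */
    static String validatedName(String input) throws ValidationException {
        Validator v = ESAPI.validator();
        // context, value, rule name (looked up as Validator.SafeString), max length, allowNull
        return v.getValidInput("userName", input, "SafeString", 64, false);
    }

    /** Encode-at-output: one encoder per sink, chosen by where the string ends up. */
    static String forHtmlBody(String s)      { return ESAPI.encoder().encodeForHTML(s); }
    static String forHtmlAttribute(String s) { return ESAPI.encoder().encodeForHTMLAttribute(s); }
    static String forJsLiteral(String s)     { return ESAPI.encoder().encodeForJavaScript(s); }
    static String forUrlParam(String s) throws EncodingException { return ESAPI.encoder().encodeForURL(s); }

    public static void main(String[] args) throws Exception {
        Encoder enc = ESAPI.encoder();

        // Canonicalize first so a double-encoded payload (%253C...) is not missed by the
        // check below; canonicalize() throws IntrusionException on mixed or multiple encoding.
        String canonical = enc.canonicalize(UNTRUSTED);

        // The same value needs a different encoding for each of these four sinks.
        System.out.println("body : <p>" + forHtmlBody(canonical) + "</p>");
        System.out.println("attr : <input value=\"" + forHtmlAttribute(canonical) + "\">");
        System.out.println("js   : var n = '" + forJsLiteral(canonical) + "';");
        System.out.println("url  : /search?q=" + forUrlParam(canonical));

        // Validation does not try to "clean" the value; it rejects it outright.
        try {
            String name = validatedName(canonical);
            System.out.println("accepted: " + name);
        } catch (ValidationException e) {
            // getUserMessage() is safe to show to the user; getLogMessage() may contain the raw input
            System.out.println("rejected: " + e.getUserMessage());
        }
    }
}
```

If ESAPI.properties cannot be found you get the ConfigurationException several questions on this page report before any of this runs; for a Maven build, placing the two properties files under src/main/resources/esapi/ puts them on the classpath of the packaged application, which avoids depending on the file system of servers you cannot access.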
9 votes, 3 answers

Java Security vs. ESAPI

I'm a Java developer heading down the road that leads to App Security, and I've stumbled across the OWASP organization and its companion Java API, ESAPI. In another question I asked on this site months ago, it was pointed out to me that ESAPI is a…
asked by IAmYourFaja
9 votes, 4 answers

ESAPI - Getting NoClassDefFoundError (LoggerFactory) with banned dependency

I am using ESAPI to encode a string value to resolve a cross-site scripting issue as shown below (code snippet). String encodedString = ESAPI.encoder().encodeForHTML(value); Exception trace: org.owasp.esapi.errors.ConfigurationException:…
asked by Dinesh M
9 votes, 2 answers

encodeForHtml() vs htmlEditFormat()

encodeForHtml() (new in CF10) vs htmlEditFormat(): how are they different?
asked by Henry
7 votes, 3 answers

Correct location for ESAPI.properties under web project

I added the OWASP ESAPI library to my project, and currently I'm stuck with the problem of where to locate the ESAPI.properties file. This project should later be deployed on a few servers to which I don't have access. So in my opinion there is no way to…
asked by Petr Shypila
6 votes, 0 answers

Extra line feeds in textareas / issue with Microsoft Edge or encodeForHTML (ColdFusion)

This is a strange one that only started within the past few months, I would say. Textareas in Microsoft Edge only are displaying extra line breaks when using ColdFusion's encodeForHTML(). How to reproduce...
asked by gfrobenius
6 votes, 4 answers

ClasscastException - org.apache.log4j.Logger cannot be cast to org.owasp.esapi.Logger - log4j to log4j2

I am working on upgrading log4j to log4j2. In that process I am getting a Logger ClassCastException. Below is the error. Caused by: java.lang.ClassCastException: org.apache.log4j.Logger cannot be cast to org.owasp.esapi.Logger at…
asked by ATK
6 votes, 1 answer

"ESAPI.properties could not be loaded by any means. fail." causing "Could not initialize class coldfusion.security.ESAPIUtils"

I have two servers - one production and one development - running ColdFusion 9.0.1 on IIS 7.5 on Windows Server 2008 R2. The two are configured identically. We have a transient issue where, after weeks to months of uneventful uptime, some parts of…
asked by Rob
6 votes, 2 answers

OWASP-ESAPI logger help needed

In my current project I am using Maven and Spring. I am currently using the SLF4J logger for logging services. In place of that I want to use the OWASP-ESAPI logger. I don't want to use OWASP-ESAPI security, just the log services. Can anybody please guide…
asked by Amit
5 votes, 1 answer

Java bean validation alternatives to OWASP ESAPI

With OWASP demoting Java ESAPI from a flagship project and all of the discussion and uncertainty revolving around the library, I'd like to see what alternatives are available. I currently utilize ESAPI for input validation, HTML/JS/etc encoding and…
asked by LetsBeFrank
5 votes, 2 answers

Difference between HDIV and ESAPI

I am planning to develop a web application using Spring MVC and trying to figure out which is the best library to use to overcome the OWASP Top 10 issues. I came across two, HDIV and ESAPI; can anyone please help me to understand the difference between…
asked by Kumar