Questions tagged [esapi]

The Enterprise Security API (ESAPI) is a library developed by the Open Web Application Security Project (OWASP). It is available for numerous languages, with the aim of providing web-security-related features (input validation, output encoding, encryption and the like) that those languages and their standard APIs lack.

Part of the Open Web Application Security Project. Details are available on the ESAPI homepage. The API is currently available for:

  • Java
  • .Net
  • Classic ASP
  • PHP
  • ColdFusion and CFML
  • Python
  • JavaScript
257 questions
0 votes, 3 answers

How to use ESAPI to fix Resource Injection (URL) issues

I am new to the Stack Overflow forum. I have a question about remediating Fortify scan issues. The HP Fortify scan is reporting a Resource Injection issue for the following code: String testUrl = "http://google.com"; URL url = null; try { url = new…
mari muthu
0 votes, 0 answers

ClassCastException with org.owasp.esapi.logger when deploying with JBoss

I'm trying to install JasperServer on a JBoss 7.1 server. After a lot of trouble successfully deploying the .war I downloaded from their site, when I try to log in I get this exception: ERROR…
user1948708
0 votes, 1 answer

ESAPI.encoder().canonicalize(query) is not working properly

I have an input tag like this. I tried using the ESAPI canonicalize function for a query like "> but it doesn't work and…
Coder_sLaY
0 votes, 2 answers

ESAPI encoding issue

We are trying to use ESAPI in our web app. We have the following function in a servlet: protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { …
bhagyashree
0 votes, 1 answer

ESAPI properties file in Tomcat

I'm using ESAPI encryption in a Tomcat WAR application. I want to load the ESAPI.properties file from a directory outside of the WAR, in order to have a different key and salt for each environment. I also wish that each WAR will have a different…
Litom
0 votes, 1 answer

OWASP TOP 10 - 4. Insecure Direct Object References - other way than ESAPI in JSF 1.2 + JAVA + SEAM

Is there anything already integrated in JSF 1.2 or SEAM 2.2.2 to prevent A4 - Insecure Direct Object References? I know the ESAPI functions to do it, but I don't want to include another framework in my project if it is not necessary. Is there anything…
Joergi
0 votes, 1 answer

Override ESAPI OWASP methods java

I am trying to override an existing method in the ESAPI OWASP library by using ESAPI.override(). Somehow it does not work; do you know why? Here is my code: public class AntiSamyDOMScannerExpansion extends AbstractAntiSamyScanner { //... public…
Blanca Hdez
0 votes, 2 answers

cloudbees & ESAPI - how do I point to the ESAPI directory?

I'm using ESAPI for my project, and added the ESAPI configuration directory to src/main/resources so it is copied to my WAR file (I downloaded the WAR from CloudBees; I can see it was put in the WEB-INF/classes/esapi/ directory). Locally, I just point to…
TheZuck
0 votes, 1 answer

Regular expression for resume content

I need to accept resume content as text and process the content. Before processing, I thought of using ESAPI.validator().isValidInput to validate the resume content and confirm it doesn't contain malicious code. One of the parameters for…
Pramod CA
0 votes, 2 answers

encodeForJavaScript() with JSON.parse, doublequote woes

In CF (9.0.2 with esapi-2.0_rc10.jar):