esapi-java-legacy
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
_From [chrisisbeef](https://code.google.com/u/chrisisbeef/) on November 20, 2010 16:13:38_ Splitting ESAPI into manageable components to reduce the footprint and allow developers to customize their implementation to fit their specific needs. _Original issue:...
As a developer, I would like to use annotation-based input validation which invokes `DefaultValidator` underneath, as `DefaultValidator` has handled a lot of essential protections (e.g. canonicalisation) and allows easy...
As a developer, I want to probe and validate the MIME type of a file uploaded by a user so that I can ensure the MIME type of the file...
After searching for some minutes I found the release notes to be part of the documentation (I looked there second, but still did not find them because I was looking for a...
The following unit test is incorrect in the baseline, but this one correctly shows that we don't properly canonicalize a mailto URL. For the record---the regex we currently use as...
_From [[email protected]](https://code.google.com/u/116937351057973843388/) on May 14, 2014 12:42:51_ Hi, I wrote a Java Servlet Filter for Content Security Policy 1.0 ( http://www.w3.org/TR/CSP/ ) which can be found on github: https://github.com/ronaldploeger/ContentSecurityPolicyFilter I...
_From [[email protected]](https://code.google.com/u/[email protected]/) on January 30, 2011 13:40:05_ I think we need a better strategy for response splitting defense. > Right now, the only advice we give is to use the...
_From [[email protected]](https://code.google.com/u/112472167379778070803/) on January 26, 2011 19:16:16_ Please change java.lang.Character to String conversion to be more efficient. Specifically, instead of ""+c to build string, use String.valueOf(c). When I test on...
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 03, 2010 06:01:13_ 1) the requirement to call ESAPI.override( new DefaultSecurityConfiguration() ); which according to the Javadoc says: Overrides the current security configuration with a new...
_From [[email protected]](https://code.google.com/u/117798575510926043054/) on January 16, 2010 12:58:22_ I'd like to request that the reference implementations be more extensible. The DefaultUser class is not now extensible by classes outside of the...