esapi-java-legacy
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
_From [[email protected]](https://code.google.com/u/102164272958221719662/) on April 21, 2010 11:11:05_ The following issue is an enhancement request, to aid in the usability of the methods in the Authenticator class. I was looking at...
The AES/GCM/NoPadding encryption seems to have been only tested with BouncyCastle. JDK8 now supports AES/GCM natively but it doesn't seem to work because ESAPI is passing IvParameterSpec to the JCE...
_From [seantmalone](https://code.google.com/u/seantmalone/) on November 11, 2010 12:08:23_ I recently did a code review for a project that was using the readLine() function of java.io.BufferedReader to read a user-controlled file. The...
_From [[email protected]](https://code.google.com/u/106366406945487233817/) on May 15, 2010 21:42:05_ What steps will reproduce the problem? 1. Wrap a request that contains a % escape in the query string 2. Call getQueryString() 3....
_From [[email protected]](https://code.google.com/u/108417551973747153004/) on April 20, 2010 04:06:42_ I'm a thankful user of the SafeRequest (1.4, in 2.0 SecurityWrapperRequest) which offers a very good protection against various kinds of injection attacks....
_From [[email protected]](https://code.google.com/u/111017230010175507935/) on December 08, 2010 14:35:44_ What steps will reproduce the problem? 1. Use the Unvalidated Redirect/Forward lab solution from the ESAPI SwingSet 1.0 release ( https://code.google.com/p/swingset-demo/ ). The...
_From [[email protected]](https://code.google.com/u/100489042306421494945/) on December 28, 2010 12:49:20_ What steps will reproduce the problem? 1. Scan vulnerable HTML; it will return true 2. Use the default antisamy-esapi.xml What is the expected...
_From [[email protected]](https://code.google.com/u/117798575510926043054/) on March 04, 2011 14:05:49_ The HTTPUtilities.getFileUploads(...) methods do not provide a means to get at non-file posted fields. This could be fixed by either: 1) Overloading the...
_From [[email protected]](https://code.google.com/u/105473479831509373176/) on March 24, 2011 19:05:13_ Sometimes it is difficult to know when data has been previously encoded, so to avoid double encoding, having a decode/canonicalization step before encoding....
_From [[email protected]](https://code.google.com/u/101619784706007770040/) on September 09, 2014 11:18:01_ EncryptedPropertiesUtils may be used to encrypt a properties file but cannot be used in an automated fashion because it prompts for additional key-values...