esapi Questions

5

Solved

I am using ESAPI to encode a string value to resolve a cross-site scripting issue as shown below (code snippet). String encodedString = ESAPI.encoder().encodeForHTML(value); Exception Trace o...
Daggerboard asked 15/12, 2015 at 16:58

7

Solved

There is a Spring global @ExceptionHandler(Exception.class) method which logs exceptions like this: @ExceptionHandler(Exception.class) void handleException(Exception ex) { logger.error("Simple er...
Turgescent asked 6/7, 2017 at 12:44

4

Solved

I added an OWASP ESAPI library to my project, and currently I'm stuck with the problem of where to locate the ESAPI.properties file. This project should later be deployed on a few servers to which I don't have...
Haler asked 24/4, 2015 at 8:19

2

I am willing to use "OWASP ESAPI for Java" to sanitize users' inputs when they submit forms in a Tomcat webapp. I used to use org.apache.commons.lang.StringEscapeUtils like this: public static St...
Westernmost asked 22/6, 2014 at 17:21

4

When I scan using Fortify I have vulnerabilities like "Often Misused: Authentication" in the code below. Is there any fix for this issue? I have seen related posts but I was not able to g...
Variable asked 26/5, 2016 at 11:44

3

I am trying to use OWASP ESAPI for validating strings in a spring mvc project. So far I have done: 1- <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi&...
Goodness asked 24/3, 2016 at 14:21

0

This is a strange one that only started within the past few months I would say. Textareas in Microsoft Edge only are displaying extra line breaks when using ColdFusion's encodeForHTML(). How to rep...
Harijan asked 30/5, 2019 at 23:48

4

Solved

I am working on upgrading log4j to log4j2. In that process I am getting a Logger Class cast exception. Below is the error. Caused by: java.lang.ClassCastException: org.apache.log4j.Logger cannot b...
Corpuscle asked 13/7, 2017 at 16:39

10

Solved

I am trying to use ESAPI.jar for providing security to my web application. Basically, I have just started using ESAPI.jar. But the problem is I am not able to run even a simple program using ESAPI. The s...
Fustigate asked 8/10, 2011 at 11:17

3

I am trying to use the OWASP ESAPI library in my web app to escape request parameters in JSPs as below: ESAPI.encoder().encodeForHTML(request.getParameter()). I have added esapi-2.1.0.jar under WEB-INF...
Baa asked 26/3, 2015 at 3:25

2

Solved

encodeForHtml() (new in CF10) vs htmlEditFormat(), how are they different?
Novice asked 15/5, 2012 at 8:41

2

In my current project I am using Maven and Spring. I am currently using SLF4J logger for logging services. In place of that I want to use OWASP-ESAPI logger. I don't want to use OWASP-ESAPI securit...
Quartic asked 25/6, 2014 at 6:48

1

I am implementing an XSS filter for my web application and also using the ESAPI encoder to sanitise the input. The patterns I am using are as given below, // Script fragments Pattern.compile("&l...
Circinus asked 9/7, 2015 at 5:36

2

Solved

I am planning to develop a web application using Spring MVC and trying to figure out which is the best library to use to overcome the OWASP Top 10 issues. I came to see two, HDIV and ESAPI, can anyone p...
Disloyalty asked 7/1, 2015 at 17:41

1

Solved

I have two servers - one production and one development - running ColdFusion 9.0.1 on IIS 7.5 on Windows Server 2008 R2. The two are configured identically. We have a transient issue where, after w...
Inconvertible asked 27/8, 2014 at 17:20

1

Solved

I hope someone could help me with some issue. I'm using OWASP ESAPI 2.1.0 with JavaEE, to help me to validate some entries in a web application. At some point I needed to validate a Windows file p...
Aspiration asked 30/6, 2014 at 22:21

3

Solved

I have a little JavaEE project, and I have to secure it with the OWASP ESAPI. I integrated the ESAPI like this in Maven: <!-- ESAPI Version 2.0.1 --> <dependency> <groupId>org.ow...
Kristofer asked 3/3, 2012 at 3:39

3

Solved

In an earlier question encodeForHtml() vs htmlEditFormat(), how are they different, it seems like the new encodeForHtml() & encodeForURL() functions are superior to htmlEditFormat() & urlFo...
Pinball asked 15/5, 2012 at 16:24

3

Solved

I'm a Java developer heading down the road that leads to App Security, and I've stumbled across the OWASP organization and its companion Java API, ESAPI. In another question I asked on this site m...
Inkberry asked 11/1, 2012 at 18:34