esapi-java-legacy
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
I was trying to use DefaultValidator.safeReadLine() to read a line from an input stream in order to prevent DoS. However it seems though "\r" and "\n" are handled as...
There are at least these 2 properties in the ESAPI.properties file that are OS-specific path names:

```
# Default file upload location (remember to escape backslashes with \\)
HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
HttpUtilities.UploadTempDir=C:\\temp...
```
**ESAPI.properties** has lots of obsolete references to ESAPI (for Java) 1.4, which is past end-of-life. Those comments / references need to be revised. If there are other documentation artifacts in...
_From [[email protected]](https://code.google.com/u/115469885673665207514/) on July 08, 2014 14:33:53_ I had a server facing around 10000 requests per second. I added ESAPI for security checks (mostly getValidInput) and it crashed the...
_From [[email protected]](https://code.google.com/u/106366406945487233817/) on January 26, 2010 21:44:51_ What steps will reproduce the problem? 1. look at the method in the source code xpath encoding != html encoding... both 2.0 and...
_From [[email protected]](https://code.google.com/u/110242786105136439221/) on August 04, 2009 11:11:31_ In AuthenticatorTest.java there is this test: try { instance.verifyPasswordStrength("password", "password123"); fail(); } catch ... The test passes, indicating that verifyPasswordStrength raised an exception...
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 03, 2010 01:40:58_ We need one central filter for security headers (clickjacking headers, XSS header defense, STS and others) http://feedproxy.google.com/~r/typepad/the_security_practice/~3/aMQ-E8zZYk4/the-need-for-coherent-web-security-policy-frameworks.html Let's work out the API first...
_From [[email protected]](https://code.google.com/u/[email protected]/) on July 04, 2011 10:34:23_ Our latest current production javadoc for ESAPI 2.0GA is at: http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/index.html The javadoc there is not linked to the standard Sun (now Oracle)...
_From [[email protected]](https://code.google.com/u/[email protected]/) on October 22, 2013 13:04:40_ The 'configuration/esapi/ESAPI.properties' file and all other files under the 'configuration/esapi' directory are missing from the ESAPI production builds. (E.g., it is missing from...
```java
/**
 * Working with request parameters. If we detect
 * simple regex characters, we treat it as a regex.
 * Otherwise we treat it as a single parameter.
 */
target...
```