
Re: [WEB SECURITY] ESAPI or HDIV in Spring WebFlow Web Application



Hi Chris,

I'm planning to move the RESTful implementation of an application I'm
developing from Restlet to JAX-RS (Jersey implementation). I'm using
Spring as the container, as I do in almost every application I have written.

In the near future I will also develop a web app (something like a
management console, with Spring MVC and Spring WebFlow), and I would
like to protect every single insertion point from malicious data.

This is the situation.
Thanks

Michele Orru'
http://antisnatchor.com


On Mon, Nov 16, 2009 at 7:08 PM, Schmidt, Chris
<cschmidt@xxxxxxxxxxxxxxxx> wrote:
> What kind of Spring integration would you be looking for with ESAPI? We
> have talked before about Spring integration, but I am not sure where and
> what the integration would be.
>
> -----Original Message-----
> From: Michele Orru [mailto:antisnatchor@xxxxxxxxx]
> Sent: Sunday, November 15, 2009 6:30 AM
> To: websecurity@xxxxxxxxxxxxx
> Subject: [WEB SECURITY] ESAPI or HDIV in Spring WebFlow Web Application
>
> Hi all,
>
> I'm wondering what you suggest to protect a Spring MVC + WebFlow based
> webapp from the OWASP Top Ten.
> I was reading about HDIV and it looks interesting, but I have known ESAPI
> for longer, even if AFAIK there isn't any integration with
> Spring.
>
> What would you recommend?
>
> All the best
>
> Michele Orru'
> http://antisnatchor.com
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>




Brought to you by http://www.webappsec.org