Covering J2EE Security and WebLogic Topics

Tamper-evident audit logs with AuditHawk

XSS and Web Frameworks

Permanent Article Link

Matt Raible recently blogged about Java Web Frameworks and XSS. The post and the comments are well worth reading. It’s easy to think (hope!) that a framework will automatically escape output to prevent XSS and give no more thought to it. As Matt’s post shows, you really need to know how your chosen framework deals with the issue.

If you use Struts 2 or WebWork be sure to read the post and update your libraries.

Posted in Development, Quick Tips, Security July 23rd, 2007 by Mike Fleming | No comments

Bookmark this post on del.icio.us

No Comments

No comments yet.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(NOTE: Comments are moderated and won't show up right away.)

 

Bookmark this page on del.icio.us