Monday, 15 July 2019

OWASP logging to prevent Log Forging via Web HTTP Requests.

Maven Jar

<dependency>
    <groupId>org.owasp.esapi</groupId>
    <artifactId>esapi</artifactId>
    <version>2.1.0.1</version>
</dependency>

Util Method

public String encode(String message) {
    message = message.replace( '\n' '_' ).replace( '\r' , '_' )
      .replace( '\t' , '_' );
    message = ESAPI.encoder().encodeForHTML( message );
    return message;
}

Some security tools highlight these issues as critical and maybe its better to
add this to the base logger for us to not have issues later after the
application grows.
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

AWS Certificate Manager - Import Certificate

How to import a certificate. Use Key Store Explorer to open the cert and export keypair in PEM format  This will save a file cert.pem. Make ...