OWASP logging to prevent Log Forging via Web HTTP Requests.
Maven Jar
<dependency>
    <groupId>org.owasp.esapi</groupId>
    <artifactId>esapi</artifactId>
    <version>2.1.0.1</version>
</dependency>
Util Method
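import org.owasp.esapi.ESAPI;

// Neutralize a message before it is written to the log.
public String encode(String message) {
    // Replace CR, LF and tab so one message cannot span or fake several log lines.
    message = message.replace('\n', '_').replace('\r', '_').replace('\t', '_');
    // HTML-encode so the entry is inert if the log is viewed in a browser.
    message = ESAPI.encoder().encodeForHTML(message);
    return message;
}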
Some security tools flag these issues as critical, so it may be better to
add this to the base logger now, to avoid issues later as the
application grows.
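
One way to put this into the base logger, as an added example that is not the original post's code: a java.util.logging Formatter applies the encoding to every record, so individual call sites cannot forget it. The names SafeLogDemo, SafeFormatter and baseLogger are hypothetical, and the HTML escaping is a minimal stand-in for ESAPI.encoder().encodeForHTML() so the demo runs without the ESAPI jar.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Formatter;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class SafeLogDemo {

    // Same neutralization as the util method above. The HTML step is a minimal
    // stand-in (assumption) for ESAPI.encoder().encodeForHTML().
    static String encode(String message) {
        if (message == null) {
            return "";
        }
        String oneLine = message.replace('\n', '_').replace('\r', '_').replace('\t', '_');
        return oneLine.replace("&", "&amp;").replace("<", "&lt;")
                      .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#x27;");
    }

    // Formatter that encodes the fully expanded message (template plus parameters).
    static class SafeFormatter extends Formatter {
        @Override
        public String format(LogRecord record) {
            return record.getLevel() + " " + encode(formatMessage(record)) + System.lineSeparator();
        }
    }

    // Hypothetical base logger: every handler attached here uses SafeFormatter.
    static Logger baseLogger(String name) {
        Logger logger = Logger.getLogger(name);
        logger.setUseParentHandlers(false); // keep records away from unencoded parent handlers
        ConsoleHandler handler = new ConsoleHandler();
        handler.setFormatter(new SafeFormatter());
        logger.addHandler(handler);
        return logger;
    }

    public static void main(String[] args) {
        // Constructed sample: a request parameter carrying CR/LF and markup.
        String user = "bob\r\nINFO Login succeeded for admin<script>";
        Logger log = baseLogger("demo");
        // The would-be second entry stays on the same line as the real one.
        log.log(Level.WARNING, "Login failed for {0}", user);
    }
}
```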