[Esapi-user] ESAPI quesitons

Jim Manico jim.manico at owasp.org
Tue Jan 5 13:24:31 EST 2010


For XSS I would start here: 
http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet 


For CSRF, here: 
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet

- Jim


> Hi All,
> I am new to the ESAPI toolkit. I have now downloaded ESAPI 1.4 and 
> below are questions that I hope you all can help me with.
> 1) Where can I find information on how to set up ESAPI 1.4
> 2) Are there any tutorials to get me started to use ESAPI 1.4
> 3) My understanding is that ESAPI is a toolkit that provides us with 
> tools to prevent XSS and CSRF issues. I now have a Web Application 
> that is vunerable to XSS and CSRF, how can I add ESAPI to the Web 
> Application? Does it involve a lot of changes to the WebApp itself?
> Regards
> Johan
>
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>    

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100105/615db60e/attachment.html 


More information about the Esapi-user mailing list