[Esapi-user] Sample Java Web Application with ESAPI

Kevin W. Wall kevin.w.wall at gmail.com
Wed May 26 07:23:24 EDT 2010


Tarcizio Vieira Neto wrote:
> Is there any Java Web Application sample with insecure version and the new
> version with security improvements using ESAPI?
> 
> I'm asking this because I'm learning about ESAPI and I'm not feeling secure
> about the right way to use filters and ESAPI classes.
> 
> If this application doesn't exists would be a good idea construct it to help
> the users how to implement security in their applications with ESAPI and the
> most important: how to do this in the best way.

Have you taken a look at Swingset?
   http://www.owasp.org/index.php/ESAPI_Swingset

Or where you looking for something specific, such as how to
configure the RequestRateThrottleFilter that you mentioned
yesterday?

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME


More information about the Esapi-user mailing list