1. Implement input validation (OWASP DOM based XSS Prevention Cheat Sheet, "Example Dangerous HTML Methods": https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet#Example_Dangerous_HTML_Methods)
1.1. Use the encoding libraries available:
 - ESAPI4JS: http://bit.ly/9hRTLH
 - Jquery-encoder
 - OWASP JSON Sanitizer: https://www.owasp.org/index.php/OWASP_JSON_Sanitizer#tab=Getting_Started
 - OWASP Java HTML Sanitizer (import org.owasp.html.HtmlPolicyBuilder; or the prebuilt policies in org.owasp.html.Sanitizers): https://github.com/OWASP/java-html-sanitizer/blob/master/docs/getting_started.md
 Related reading:
 - https://www.owasp.org/index.php/Testing_Checklist
 - https://blog.whitehatsec.com/handling-untrusted-json-safely/
Automating scans, manual verification
Consider OnDemand?
Burp training
Books:
 - https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet
 - https://github.com/cure53/DOMPurify
 - https://github.com/hackvertor/MentalJS
 - http://www.qasec.com/2011/01/tips-for-tracking-security-related-defects-in-your-bugtracker.html
Input validation is essential to prevent untrusted input from being executed; the encoding libraries listed above can assist in enforcing strict input control, provided the encoder matches the DOM context (element body, attribute, or JavaScript string) the value is written into.
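As an added example (not code from this page or from any OWASP project), a small set of context-specific encoders written in the style of ESAPI4JS and the OWASP Java Encoder, plus an allowlist validator; the function names and the sample payload are constructed for illustration.

```javascript
// Added example: contextual output encoding for DOM XSS prevention.
// The encoder is chosen by the DOM sink the untrusted value is written into;
// using the HTML-body encoder for an attribute or a JS string is a common
// cause of DOM-based XSS even when "encoding" was applied.

// Element body context: encode the characters that can open a tag or entity.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;", "/": "&#x2F;",
};

function encodeForHTML(input) {
  return String(input).replace(/[&<>"'\/]/g, (ch) => HTML_ENTITIES[ch]);
}

// Attribute context: encode everything except alphanumerics as &#xHH; so the
// value cannot terminate the attribute whatever quoting style the template uses.
function encodeForHTMLAttribute(input) {
  return String(input).replace(/[^A-Za-z0-9]/g,
    (ch) => `&#x${ch.codePointAt(0).toString(16)};`);
}

// JavaScript string literal context: \xHH for code units below 0x100,
// \uHHHH otherwise, so the value cannot close the quote or inject a </script>.
function encodeForJavaScript(input) {
  return String(input).replace(/[^A-Za-z0-9]/g, (ch) => {
    const cp = ch.codePointAt(0);
    return cp < 0x100
      ? `\\x${cp.toString(16).padStart(2, "0")}`
      : `\\u${cp.toString(16).padStart(4, "0")}`;
  });
}

// Allowlist validation for a value with a known shape: reject it outright
// instead of trying to clean it. Encoding still applies on output.
function isValidUsername(input) {
  return /^[A-Za-z0-9_]{1,32}$/.test(String(input));
}

// Constructed sample input, as it might arrive via location.hash or a JSON field.
const untrusted = '"><img src=x onerror=alert(1)>';

// Use the result only in the matching sink; for plain text prefer textContent
// over innerHTML so no encoding is needed at all.
const rendered = {
  body: encodeForHTML(untrusted),
  attribute: encodeForHTMLAttribute(untrusted),
  jsString: encodeForJavaScript(untrusted),
  accepted: isValidUsername(untrusted),
};
```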

...

Encoding Libraries:

OWASP ESAPI

OWASP Java Encoder Project

...