You can do authentication, authorization, CSRF protection, XSS protection etc (besided many other things). A sample application and API doc is available at the site. However there is no other detailed documentation on the usage. I will write another blog on the usage in detail.
Following is few Key classes and API
package org.owasp.esapi
For authentication
class Authenticator
login()
logout()
For authorization
class AccessController
assertAuthorizedForURL(string url)
For XSS protection
class Validator
assertValidHTTPRequestParameterSet(string context, Request request, Set requied, Set optional)
isValidString(string input)
class Encoder
encodeForHTML(string input)
For CSRF protection
class HTTPUtilities
addCSRFToken(string href)
verifyCSRFToken()
I will write a detailed blog later.
No comments:
Post a Comment