Looks like I might have a requirement for implementing OWASP secure coding practices, as described by
http://www.sans.org/reading_room/whitepapers/application/rss/appsec_protecting_your_web_apps_two_big_mistakes_and_12_practical_tips_to_avoid_them_33038

One thing that I definitively don't do, and I believe Lift doesn't do out of the box, is canonicalize input before validation/filtering.

I was looking into using OWASP ESAPI <http://www.owasp.org/index.php/ESAPI> but I'm put off by its use of property files and system resources.

Do any of you canonicalize input? If so, do you use a library?

Does Lift need this feature, or any of the others described in the above document?

cheers
Oliver
