"Cross-site scripting is the practice of embedding malicious script into a Web page that can execute when users visit the page. To ward off such attacks, the report recommends using frameworks and libraries to control output, including "Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket." Programmers should use strong character encoding and set the browser cookie session to HttpOnly."
Taken from: http://mcpmag.com/articles/2010/02/18/report-profiles-top-software-security-coding-errors.aspx

Mention of Wicket in the original report (http://cwe.mitre.org/top25/):

Prevention and Mitigations

Architecture and Design

Use languages, libraries, or frameworks that make it easier to generate properly encoded output. Examples include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
