In my current project we are using Servlets & JSPs. We are facing the below-listed security problems:
1. Cross-Site Scripting
2. Stored Cross-Site Scripting
3. Phishing Through Frames
4. Link Injection
Could you please kindly provide your valuable suggestions/solutions to overcome these issues?
Thanking you in advance for your generous support.
I googled, but they suggest things like "verify the data in input fields for special characters". But it's very difficult to scan all the fields and URLs. Each screen has 100s of fields. It obviously decreases the performance.
vasu Sanaboina wrote:But it's very difficult to scan all the fields and URLs. Each screen has 100s of fields. It obviously decreases the performance.
vasu Sanaboina wrote:But it's very difficult to change all the fields to that script. Moreover, some fields are generated on the Java side, i.e. dynamically formed in Java and populated in the JSP. Mine is a big project.
Neither task is difficult, just time-consuming to implement. But there is no substitute for application security, so it's not like you have a choice. Plus, performance is almost always subservient to security, so again, you have it backwards. I found some useful starting points in the FAQ right here: http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
Can you get any help from IBM with this? I know some security scanners will find things that MIGHT look like a risk, but depending on your design, may actually pose no threat. In general, it's a good idea to work with the scan vendor (or user forums) to understand what the results are telling you, and if you need to be concerned.
As far as having hundreds of fields to scan, is there a way using OOP can help overcome this? What does your "FieldWriter" object do?
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
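To make the "use OOP so you don't touch hundreds of fields" point concrete, here is an added example (not code from this thread, the original poster's project, or the FAQ linked above). It assumes the standard javax.servlet API and a hypothetical class name; three of the four findings are handled in one central place. Phishing Through Frames is addressed by anti-framing headers set once in a Filter for every response; Cross-Site Scripting and Stored XSS by an output-encoding helper applied at render time, so data is stored raw and escaped wherever it is displayed; Link Injection by a validator that only accepts site-local paths, so a user-supplied value can never become an absolute link to another host.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical central security filter (added example, not from the thread).
 * Register it once in web.xml with a url-pattern of /* and every response
 * carries the anti-framing headers; no per-page or per-field change needed.
 */
public class SecurityHeadersFilter implements Filter {

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        // Refuse to be rendered inside a frame on another site. Both the legacy
        // header and the CSP directive are set because older browsers honour only one.
        response.setHeader("X-Frame-Options", "DENY");
        response.setHeader("Content-Security-Policy", "frame-ancestors 'none'");
        chain.doFilter(req, res);
    }

    public void destroy() {}

    /**
     * HTML-encode the five characters that matter in element content and
     * quoted attribute values. Use this at output time (JSP), not on input,
     * so the database keeps the original text and every display path is safe.
     */
    public static String encodeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Accept only a site-local path such as "/orders/view?id=7". Anything with a
     * scheme or authority ("http://other.example/", "//other.example/"), a
     * backslash, or control characters is rejected and the fallback is returned.
     * Use it for redirect targets and any link built from request data.
     */
    public static String safeLocalPath(String candidate, String fallback) {
        if (candidate == null || candidate.isEmpty()) return fallback;
        if (!candidate.startsWith("/") || candidate.startsWith("//")
                || candidate.startsWith("/\\")) return fallback;
        for (int i = 0; i < candidate.length(); i++) {
            char c = candidate.charAt(i);
            if (c < 0x20 || c == 0x7f) return fallback;
        }
        try {
            // java.net.URI rejects malformed input and exposes scheme/authority
            // if the parser found one; either case means "not a local path".
            URI uri = new URI(candidate);
            if (uri.getScheme() != null || uri.getAuthority() != null) return fallback;
        } catch (URISyntaxException e) {
            return fallback;
        }
        return candidate;
    }
}
```

In the JSPs the same idea applies without editing every field: standard JSTL already escapes output with `<c:out value="${...}"/>` (escapeXml defaults to true) and `${fn:escapeXml(...)}`, and a helper like `encodeHtml` can be exposed as an EL function through a TLD so dynamically generated fields go through one code path. Note that this encoder is correct for HTML body and attribute context only; values placed inside inline JavaScript or URL parameters need the encoder for that context.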
How are these validations performed in projects that use the Spring or Struts frameworks? Currently I am going to implement solutions like validating some special characters in the input text fields and URLs.
If anyone has a proper solution, kindly let me know.
Thanks in advance for your valid response.
subject: Security Remediation in My current application