Monday, September 2, 2013

OWASP ESAPI encoder library

ESAPI is a library for cleansing user input in web applications. The ESAPI encoder encodes user-supplied input so that it can be displayed safely in the user's browser, which makes it a great help in preventing code injection (including SQL injection) and XSS.

OWASP ESAPI (OWASP Enterprise Security API)
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

ESAPI supports:
- Java, .NET, Python, Ruby, PHP and other languages.
- Base64 encoding and decoding.
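As an added example that is not part of the original post, the snippet below shows the Java ESAPI 2.x Encoder applied to the same untrusted string in several output contexts, plus the SQL codec and Base64 helpers; it assumes the esapi jar is on the classpath and that an ESAPI.properties file is reachable by the library at startup.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.codecs.MySQLCodec;
import org.owasp.esapi.errors.EncodingException;

public class EsapiEncodingDemo {

    // Constructed sample of attacker-controlled input: a typical XSS probe string.
    static final String USER_INPUT = "<script>alert('x')</script>";

    public static void main(String[] args) throws EncodingException, IOException {
        Encoder enc = ESAPI.encoder();

        // Each output context needs its own encoding; one encoding does not fit all.
        String html = enc.encodeForHTML(USER_INPUT);          // element content
        String attr = enc.encodeForHTMLAttribute(USER_INPUT); // quoted attribute value
        String js   = enc.encodeForJavaScript(USER_INPUT);    // JavaScript string literal
        String url  = enc.encodeForURL(USER_INPUT);           // query-string parameter

        System.out.println("<p>" + html + "</p>");
        System.out.println("<input value=\"" + attr + "\">");
        System.out.println("var name = '" + js + "';");
        System.out.println("/search?q=" + url);

        // SQL escaping is provided, but prepared statements remain the primary defence.
        String sql = enc.encodeForSQL(new MySQLCodec(MySQLCodec.Mode.STANDARD), "O'Brien");
        System.out.println("SELECT * FROM users WHERE name = '" + sql + "'");

        // Base64 round trip using the same Encoder instance.
        String b64 = enc.encodeForBase64(USER_INPUT.getBytes(StandardCharsets.UTF_8), false);
        byte[] back = enc.decodeFromBase64(b64);
        System.out.println(b64 + " -> " + new String(back, StandardCharsets.UTF_8));
    }
}
```

Note that the encoder is an output-encoding tool: it is applied at the point where data is written into a page, script, URL or query, not once at input time.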

P.S. For XSS prevention, set cookies to HTTP-only so that JavaScript cannot access them.