1

I searched extensively for good materials for prevention of XSS attacks using OWASP ESAPI, but could not find any beginner material. Can someone please give me an example of how this works?

Anders

2 Answers

4

Your best bet for this would probably be to look at the other OWASP ESAPI implementations to see how they've handled it, which should at least give you the approaches to look at, even if you then need to translate that over to PHP.

In terms of information you could look at this post about the Java ESAPI implementation which is, AFAIK, the most mature one about. There's another post here which also looks at XSS and ESAPI.

Rory McCune
1

I found this tutorial which steps through creating first an unsafe web application with PHP and then securing it with ESAPI. I haven't yet tried the tutorial with an up-to-date version of ESAPI (the tutorial dates from 2010) but am about to.

In any case it seems to give a good basic idea on how to use ESAPI.

http://jackwillk.blogspot.be/2010/08/using-owasp-esapi-php-part-4.html