Pump Up Your Technical Knowledge
Listen and watch as industry luminaries bring you the latest on Java technologies
Cross-site scripting (XSS) allows a complete takeover of the victim's Web browser and has overtaken the buffer overflow as the most prevalent application security problem. More than 70% of Java technology-based Web applications still have XSS issues. This session -- for Java Platform, Enterprise Edition (Java EE platform) developers and architects, particularly those focusing on the presentation layer -- explores all the different browser contexts in which XSS is possible, including HTML attributes, style blocks, URLs, event handlers, and more. Each of these contexts has a different escaping/encoding syntax that must be followed to prevent XSS attacks. The presentation provides a framework for using escaping to truly make XSS impossible and also demonstrates a free Open Web Application Security Project (OWASP) tool for analyzing your current JavaServer Pages and JavaServer Faces technology-based libraries to evaluate their susceptibility to XSS attack. In the session, you will learn