 | |
|
Pump Up Your Technical Knowledge
Listen and watch as industry luminaries bring you the latest on Java technologies
Cross-site scripting (XSS) allows a complete takeover of the victim's Web browser and has overtaken the buffer overflow as the most prevalent application security problem. More than 70% of Java technology-based Web applications still have XSS issues. This session -- for Java Platform, Enterprise Edition (Java EE platform) developers and architects, particularly those focusing on the presentation layer -- explores all the different browser contexts in which XSS is possible, including HTML attributes, style blocks, URLs, event handlers, and more. Each of these contexts has a different escaping/encoding syntax that must be followed to prevent XSS attacks. The presentation provides a framework for using escaping to truly make XSS impossible and also demonstrates a free Open Web Application Security Project (OWASP) tool for analyzing your current JavaServer Pages and JavaServer Faces technology-based libraries to evaluate their susceptibility to XSS attack. In the session, you will learn
|
FREE White Papers on Java SE, Java EE, cloud computing and database technologies.
| ||||||
| |
Oracle is reviewing the Sun product roadmap and will provide guidance to customers in accordance with Oracle's standard product communication policies. Any resulting features and timing of release of such features as determined by Oracle's review of roadmaps, are at the sole discretion of Oracle. All product roadmap information, whether communicated by Sun Microsystems or by Oracle, does not represent a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. It is intended for information purposes only, and may not be incorporated into any contract.
| ||||||||||||
