Java Security Tip: Sanitize user input

Java Security Quick Tip: Always sanitize user input before you display it in your web app. In practice that means encoding the data for the context it is written into. Writing user-controlled data into a page without validation or output encoding can lead to cross-site scripting (XSS).

With the OWASP Java Encoder library you can encode untrusted data for the HTML context it lands in (element text, attribute value, JavaScript string, URL component), so any script it contains is rendered as text rather than executed in the user's browser. This is output encoding, applied at the point where the data is written to the page, and it applies just as much to values read back from a database as to values taken from the current request.

In this video, I will answer the following questions:

- What is cross-site scripting (XSS)?
- How do I handle cross-site scripting (XSS) in Java?
- How can I prevent reflected XSS?
- Can I do something to prevent a stored XSS attack?
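The following is an added example, not code from the video or from Snyk, showing the two situations the tip describes: a request parameter echoed straight into the response (reflected XSS) and a value read back from a database and displayed (stored XSS), each beside its encoded form. It assumes the OWASP Java Encoder artifact `org.owasp.encoder:encoder` is on the classpath; `Encode.forHtml`, `Encode.forHtmlAttribute` and `Encode.forJavaScript` are that library's own methods, while the class, method names, the payload strings and the stand-in `loadDisplayNameFromDb` are constructed for this illustration.

```java
import org.owasp.encoder.Encode;

/**
 * Reflected vs. stored XSS and context-aware output encoding.
 * Assumes org.owasp.encoder:encoder (OWASP Java Encoder) on the classpath.
 */
public class XssEncodingDemo {

    // Constructed sample payload: what an attacker might put in a query
    // parameter, or might have written into the database earlier.
    static final String PAYLOAD = "<script>alert(document.cookie)</script>";

    // VULNERABLE: untrusted input is concatenated straight into the HTML response.
    // With PAYLOAD this produces a live <script> element in the page. If the value
    // came from the request this is reflected XSS; if it came from the database
    // it is stored XSS. The output code is the same in both cases.
    static String renderUnsafe(String name) {
        return "<p>Hello " + name + "</p>";
    }

    // SAFE for HTML element text: '<', '>', '&' and quotes become entities, so the
    // browser displays the payload as text instead of executing it.
    static String renderHtml(String name) {
        return "<p>Hello " + Encode.forHtml(name) + "</p>";
    }

    // Encoding is context-specific. A value placed inside an attribute needs the
    // attribute encoder, otherwise a '"' in the input can close the attribute and
    // start a new one (for example an onfocus handler).
    static String renderAttribute(String value) {
        return "<input type=\"text\" value=\"" + Encode.forHtmlAttribute(value) + "\">";
    }

    // A value placed inside a JavaScript string literal needs the JavaScript
    // encoder; HTML entity encoding would not stop a "'; alert(1); //" payload here.
    static String renderScriptVar(String value) {
        return "<script>var name = '" + Encode.forJavaScript(value) + "';</script>";
    }

    // Stand-in for a data access call. The point of the stored-XSS case is that a
    // row written by a user is still untrusted when it is read back.
    static String loadDisplayNameFromDb(long userId) {
        return PAYLOAD; // constructed record, as if an attacker saved it earlier
    }

    public static void main(String[] args) {
        // Reflected case: parameter taken from the request.
        System.out.println("unsafe:    " + renderUnsafe(PAYLOAD));
        System.out.println("html:      " + renderHtml(PAYLOAD));

        // Other output contexts need their own encoder.
        System.out.println("attribute: " + renderAttribute("\" onfocus=\"alert(1)"));
        System.out.println("script:    " + renderScriptVar("'; alert(1); //"));

        // Stored case: encode at the point of output even though the value came
        // from the database, so the database is not the single point of failure.
        String fromDb = loadDisplayNameFromDb(42);
        System.out.println("stored unsafe: " + renderUnsafe(fromDb));
        System.out.println("stored html:   " + renderHtml(fromDb));
    }
}
```

Two practical points follow from the example. First, encode where the data is written, not where it is stored: input validation is useful, but the encoder at the output is what guarantees the browser sees text. Second, pick the encoder for the context the value lands in; `Encode.forHtml` alone does not protect a value inserted into an attribute, a script block or a URL.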

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for Java and many other languages.

Learn more about Snyk http://bit.ly/snyk-io

📱Social Media📱
___________________________________________
Twitter: https://twitter.com/snyksec
Facebook: https://www.facebook.com/snyksec
LinkedIn: https://www.linkedin.com/company/snyk
Website: https://snyk.io/


Content

0.16 -> Hey Java devs, I'm Brian from Snyk and I have a small Java security tip for you.
7.12 -> Always validate user input as this might cause cross-site scripting issues or other unexpected
12.56 -> behavior that might hurt you or your users. Cross-site scripting or XSS is a code
18.08 -> vulnerability that occurs when an attacker injects a malicious script into an otherwise trusted
23.44 -> website. The injected script gets downloaded and executed by the end user's browser when the user
29.92 -> interacts with the compromised website. In this example, the input parameter is directly sent to
35.04 -> the output writer. If the input parameter contains any JavaScript then it may lead to a reflected
42 -> cross-site scripting attack. You can use a library like the Encoder library from the OWASP foundation
48.56 -> to ensure the input is safe. Remember that you also need to do similar actions with data
54.16 -> coming from a database. If this data contains a script and it is displayed on your web page,
61.28 -> you may be the victim of a stored cross-site scripting attack.
65.6 -> You need to prevent your database from being the single point of failure!
69.68 -> You can use the OWASP Encoder library in a similar way to mitigate this issue. There are multiple
75.84 -> ways to solve this issue but the most important thing is that you catch these vulnerabilities
80.72 -> early. A tool like Snyk Code can help you with this. Thanks for listening and stay safe.

Source: https://www.youtube.com/watch?v=HL3z59Fr1z0