1 Reply Latest reply on Nov 28, 2014 10:31 AM by masummymesingh

OWASP secuirty for JSF2.2

masummymesingh Nov 28, 2014 4:49 AM

is JSF2.2 by default owasp supported ?

if not , which security need customize/optimized for JSF based webapp ?

OWASP security -----------------------------

A1 – Injection

A2 – Broken Authentication and Session Management

A3 – Cross-Site Scripting (XSS)

A4 – Insecure Direct Object References

A5 – Security Misconfiguration

A6 – Sensitive Data Exposure

A7 – Missing Function Level Access Control

A8 – Cross-Site Request Forgery (CSRF)

A9 – Using Known Vulnerable Components

A10 – Unvalidated Redirects and Forwards

1. Re: OWASP secuirty for JSF2.2

masummymesingh Nov 28, 2014 10:31 AM (in response to masummymesingh)

I have found several way but need to know extra care for owasp security with JSF that   implement it by my self   in writing code .
that means which owasp security JSF2.2 by default not supported ?

Exp : CSRF owasp security by default JSF2.2 supported no need extra care for this purpose .

   https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Home
   https://www.owasp.org/index.php/ESAPI_Swingset

   =============================================================================================

   http://www.security4web.ch/downloads/doc/Security_framework_OWASP_esapi_JSF_14.05.2013.pdf

   http://www.slideshare.net/rakeshkachhadiya/development-security-framework-based-on-owasp-esapi-for-jsf20

   http://java.dzone.com/articles/top-10-web-application

   https://code.google.com/p/owasp-esapi-java/

Any one who already research on OWASP with JSF2 give me some points how to implement owasp security in JSF2.2 app ?
Actions