Introduction to Open-Source Development Frameworks for Software Security

1. Java Encoder

Security issue addressed: XSS injection attacks

 

Official references

https://www.owasp.org/index.php/OWASP_Java_Encoder_Project

https://github.com/OWASP/owasp-java-encoder

https://owasp.github.io/owasp-java-encoder/

https://owasp.github.io/owasp-java-encoder/encoder/apidocs/index.html?index-all.html

 

2. OWASP Java HTML Sanitizer

Security issue addressed: XSS injection attacks

https://github.com/owasp/java-html-sanitizer

https://github.com/OWASP/java-html-sanitizer/blob/master/docs/getting_started.md

http://javadoc.io/doc/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1

https://github.com/OWASP/java-html-sanitizer/tree/master/src/main/java/org/owasp/html/examples

 

3. OWASP CSRFGuard

https://github.com/aramrami/OWASP-CSRFGuard

 

CSRFProtector Project

https://www.owasp.org/index.php/CSRFProtector_Project

https://github.com/mebjas/CSRF-Protector-PHP/wiki/How-to-use

https://github.com/mebjas/CSRF-Protector-PHP/wiki

https://github.com/mebjas/mod_csrfprotector

https://github.com/mebjas/CSRF-Protector-PHP

keyczar

https://github.com/google/keyczar

https://github.com/google/keyczar/wiki/

https://github.com/google/keyczar/blob/wiki/keyczar05b.pdf

 

Bean Validation

http://beanvalidation.org/news/2018/02/26/bean-validation-2-0-whats-in-it/

 

Fluent Validator

https://github.com/neoremind/fluent-validator

fluent-validator, a business-logic validation framework for Java

 

Commons Validator

https://commons.apache.org/proper/commons-validator/apidocs/org/apache/commons/validator/package-summary.html

https://commons.apache.org/proper/commons-validator/

 

 

Other sanitizer libraries:
http://htmlpurifier.org/ (PHP)
https://github.com/ecto/bleach (JavaScript / Node)
https://pypi.python.org/pypi/bleach (Python)
