A brief overview of OWASP Top 10 risks and what it takes to minimize them in Java (Part 5)

  1. Do not use GET requests (URLs) for sensitive data or to perform value transactions. A GET must be side-effect free, because an attacker can trigger one from any site with a plain link or an `<img>` tag.
  2. Accept sensitive or state-changing input from the user only through POST (and other non-safe methods), and verify an anti-CSRF token on every such request; a POST without a valid token is rejected.
  3. The random token may also be carried in the URL, which makes each URL unique and therefore unguessable, so CSRF becomes almost impossible to perform. Tokens in URLs can leak through the Referer header, browser history and server logs, however, so a hidden form field is the safer carrier.
  4. "Token" is the generic term for the secret used in implementations of the synchronizer token pattern: the server generates an unpredictable value, stores it in the user's session, embeds it in every form it renders, and rejects any request whose submitted token does not match the stored one.

Using ESAPI to prevent CSRF (synchronizer token pattern)
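The following is an added example that implements the synchronizer token pattern described in the list above as a plain servlet filter; it is not code from the original article and does not use ESAPI's helpers (ESAPI's HTTPUtilities wraps the same idea in its addCSRFToken and verifyCSRFToken methods). The session attribute name `csrf.token`, the parameter name `_csrf` and the class name `CsrfFilter` are assumptions of this example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Synchronizer token pattern as a servlet filter (added example, not ESAPI code).
 * Map it in web.xml to every URL that can change state, e.g. /* or /account/*.
 */
public final class CsrfFilter implements Filter {

    /** Attribute and parameter names are assumptions of this example. */
    static final String SESSION_KEY = "csrf.token";
    static final String PARAM_NAME = "_csrf";

    private static final SecureRandom RNG = new SecureRandom();

    /** Returns the session's token, minting one on first use (one token per session). */
    public static String tokenFor(HttpSession session) {
        synchronized (session) {                         // two concurrent first requests must not mint two tokens
            String token = (String) session.getAttribute(SESSION_KEY);
            if (token == null) {
                byte[] raw = new byte[32];               // 256 bits of CSPRNG output
                RNG.nextBytes(raw);
                token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                session.setAttribute(SESSION_KEY, token);
            }
            return token;
        }
    }

    /** Hidden field every form must carry; the token alphabet is URL-safe base64, so no HTML escaping is needed. */
    public static String hiddenField(HttpSession session) {
        return "<input type=\"hidden\" name=\"" + PARAM_NAME + "\" value=\"" + tokenFor(session) + "\">";
    }

    /** Safe methods must never change state (item 1 of the list), so only the others are checked. */
    static boolean isStateChanging(String method) {
        return !("GET".equals(method) || "HEAD".equals(method) || "OPTIONS".equals(method));
    }

    /** True only if the request carries exactly the token stored in an already existing session. */
    public static boolean hasValidToken(HttpServletRequest req) {
        HttpSession session = req.getSession(false);     // never create a session here: no session means no token was issued
        if (session == null) return false;
        String expected = (String) session.getAttribute(SESSION_KEY);
        String submitted = req.getParameter(PARAM_NAME);  // from the POST body (getParameter also reads the query string)
        if (expected == null || submitted == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8)); // constant-time compare
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        if (isStateChanging(req.getMethod()) && !hasValidToken(req)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "missing or invalid CSRF token");
            return;                                      // the servlet is never reached
        }
        chain.doFilter(rq, rs);
    }
}
```

A JSP renders the field with `<%= CsrfFilter.hiddenField(session) %>` inside each form, and the filter is registered in web.xml on the state-changing paths. Because `getParameter` also reads the query string, a token appended to a URL validates too (item 3), at the cost of the leakage noted there. Calling `session.invalidate()` at login discards the old token along with the pre-authentication session, which is what you want.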

9 Using Known Vulnerable Components

10 Unvalidated Redirects and Forwards

Kasun Balasooriya
Lead Software Engineer @ IFS, Former intern at @ WSO2 inc.