Tag Archives: struts

Preventing XSS Vulnerabilities in Web Frameworks

The protection offered by web frameworks is only useful if it is enabled. On several occasions I’ve seen developers explicitly disable the ‘safe’ output mechanisms provided by the framework.

Bean introspection

Have a naming convention or don’t. But if you do have one, don’t stick some obscure fudge in there. Hacks and fudges will catch up with you and bite you in the bottom.