#esapi.

Articles tagged with #esapi.

Hide direct object references to increase application security.

Whenever a user is about to access certain data within your web application, you want to make sure he can access only his own data, not other users' data. A critical measure to prevent vulnerabilities here is to implement tight authorization checks on a functional level. This is essential to security and should not be missed. Beyond that, you can increase security further with a fairly simple additional measure.

User controlled keys

To access a specific object, like a database record […]
