This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

User talk:Stephendv

Revision as of 07:52, 17 September 2006 by Stephendv (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


I just wanted to ask is their any example Java code that shows how you can make web app in J2EE more safe, or do you just talk about it an describe it???

Their are no example???

i.e. for effective Java Sessions and login handling???



Hi Manj, there is no single way to make a web application more secure- instead there are many aspects of the development and configuration that you need to consider. The OWASP Guide Project is the best source of this information right now. Currently in the Java project there are some code examples that illustrate specific aspects of security, have a look at the JCaptcha and JAAS Timed Login Module projects on the java project home page.

I am currently looking at building an example skeleton application that provides authentication, access control and user management features- but this is still at inception stage. If you'd like to get started with a reasonably secure app, try the springframeworks example apps, or appfuse.

regards, Stephen