├── .github ├── dependabot.yml └── workflows │ └── maven.yml ├── .gitignore ├── Ch04_OutputEscaping ├── pom.xml └── src │ └── main │ ├── resources │ └── ESAPI.properties │ └── webapp │ ├── index.jsp │ ├── resources │ └── css │ │ └── styles.css │ ├── withOutputEscaping.jsp │ └── withoutOutputEscaping.jsp ├── Ch04_OutputEscapingJSF ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ └── ContactController.java │ └── webapp │ ├── WEB-INF │ ├── faces-config.xml │ └── web.xml │ ├── contact.xhtml │ ├── index.xhtml │ └── resources │ └── css │ └── styles.css ├── Ch04_OutputEscapingJSP ├── pom.xml └── src │ ├── main │ ├── java │ │ └── de │ │ │ └── dominikschadow │ │ │ └── webappsecurity │ │ │ ├── OutputEscapingWebAppInitializer.java │ │ │ ├── WebConfig.java │ │ │ ├── controller │ │ │ ├── ContactController.java │ │ │ └── IndexController.java │ │ │ └── domain │ │ │ └── Contact.java │ ├── resources │ │ └── logback.xml │ └── webapp │ │ ├── WEB-INF │ │ └── views │ │ │ ├── contact.jsp │ │ │ └── index.jsp │ │ └── resources │ │ └── styles.css │ └── test │ └── java │ └── de │ └── dominikschadow │ └── webappsecurity │ └── controller │ ├── ContactControllerTest.java │ └── IndexControllerTest.java ├── Ch05_AccessReferenceMaps ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ ├── AccountController.java │ │ ├── AccountIntegerController.java │ │ ├── AccountRandomController.java │ │ ├── AccountsDAO.java │ │ ├── AccountsIntegerDAO.java │ │ ├── AccountsRandomDAO.java │ │ ├── HibernateUtil.java │ │ └── domain │ │ ├── Account.java │ │ └── User.java │ ├── resources │ ├── ESAPI.properties │ ├── context.xml │ ├── hibernate.cfg.xml │ ├── import.sql │ └── logback.xml │ └── webapp │ ├── WEB-INF │ ├── faces-config.xml │ └── web.xml │ ├── account.xhtml │ ├── accountInteger.xhtml │ ├── accountRandom.xhtml │ ├── index.xhtml │ └── resources │ └── css │ └── styles.css ├── Ch05_HSTS ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ ├── filter │ │ └── HSTSFilter.java │ │ └── servlets │ │ └── LoginServlet.java │ ├── resources │ └── logback.xml │ └── webapp │ ├── WEB-INF │ └── web.xml │ ├── index.jsp │ └── styles.css ├── Ch05_SessionFixation ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ └── servlets │ │ └── LoginServlet.java │ ├── resources │ ├── context.xml │ └── logback.xml │ └── webapp │ ├── index.jsp │ └── styles.css ├── Ch05_SessionHandling ├── pom.xml └── src │ └── main │ └── webapp │ ├── WEB-INF │ ├── faces-config.xml │ └── web.xml │ ├── index.xhtml │ └── resources │ └── css │ └── styles.css ├── Ch06_SQLInjection ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ ├── domain │ │ └── Customer.java │ │ └── servlets │ │ ├── CustomerTable.java │ │ ├── HQLServlet.java │ │ ├── HibernateUtil.java │ │ ├── InitDbServlet.java │ │ ├── PreparedStatementServlet.java │ │ ├── StatementEscapingServlet.java │ │ └── StatementServlet.java │ ├── resources │ ├── ESAPI.properties │ ├── context.xml │ ├── hibernate.cfg.xml │ ├── import.sql │ └── logback.xml │ └── webapp │ ├── index.jsp │ └── styles.css ├── Ch06_XPathInjection ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ └── servlets │ │ ├── XPathEscapingServlet.java │ │ └── XPathServlet.java │ ├── resources │ ├── ESAPI.properties │ ├── customer.xml │ └── logback.xml │ └── webapp │ ├── index.jsp │ └── styles.css ├── Ch07_CSP ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ ├── CSPReporting.java │ │ ├── WithCSPReportingServlet.java │ │ ├── WithCSPServlet.java │ │ └── WithoutCSPServlet.java │ ├── resources │ └── logback.xml │ └── webapp │ ├── index.jsp │ └── styles.css ├── Ch07_XSS ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ ├── beans │ │ ├── CustomerController.java │ │ └── SearchController.java │ │ ├── daos │ │ ├── CustomerDAO.java │ │ └── HibernateUtil.java │ │ └── domain │ │ └── Customer.java │ ├── resources │ ├── context.xml │ ├── hibernate.cfg.xml │ ├── import.sql │ └── logback.xml │ └── webapp │ ├── WEB-INF │ ├── faces-config.xml │ └── web.xml │ ├── createCustomer.xhtml │ ├── index.xhtml │ ├── resources │ └── css │ │ └── styles.css │ ├── search.xhtml │ ├── searchCustomer.xhtml │ └── showCustomers.xhtml ├── Ch07_XSSFilter ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ └── filter │ │ ├── BlacklistFilter.java │ │ ├── BlacklistRequestWrapper.java │ │ ├── ESAPIFilter.java │ │ └── ESAPIRequestWrapper.java │ ├── resources │ └── ESAPI.properties │ └── webapp │ ├── WEB-INF │ └── web.xml │ ├── index.jsp │ ├── outputBlacklist.jsp │ ├── outputEsapi.jsp │ └── resources │ └── css │ └── styles.css ├── Ch07_XSSJSF ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ ├── MaximumController.java │ │ ├── StandardController.java │ │ └── Status.java │ └── webapp │ ├── WEB-INF │ ├── faces-config.xml │ └── web.xml │ ├── index.xhtml │ ├── maximum.xhtml │ ├── resources │ └── css │ │ └── styles.css │ └── standard.xhtml ├── Ch08_CSRF ├── pom.xml └── src │ └── main │ ├── java │ └── de │ │ └── dominikschadow │ │ └── webappsecurity │ │ ├── servlets │ │ ├── ProtectedServlet.java │ │ └── UnprotectedServlet.java │ │ └── token │ │ └── CSRFTokenHandler.java │ ├── resources │ └── logback.xml │ └── webapp │ ├── form-protected.html │ ├── form-unprotected.html │ ├── form-working.jsp │ ├── image-protected.html │ ├── image-unprotected.html │ ├── index.jsp │ ├── requests-protected.html │ ├── requests-unprotected.html │ ├── resources │ └── css │ │ └── styles.css │ ├── xmlhttprequest-protected.html │ └── xmlhttprequest-unprotected.html ├── LICENSE ├── README.md └── pom.xml /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/workflows/maven.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/.github/workflows/maven.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/.gitignore -------------------------------------------------------------------------------- /Ch04_OutputEscaping/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscaping/pom.xml -------------------------------------------------------------------------------- /Ch04_OutputEscaping/src/main/resources/ESAPI.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscaping/src/main/resources/ESAPI.properties -------------------------------------------------------------------------------- /Ch04_OutputEscaping/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscaping/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch04_OutputEscaping/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscaping/src/main/webapp/resources/css/styles.css -------------------------------------------------------------------------------- /Ch04_OutputEscaping/src/main/webapp/withOutputEscaping.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscaping/src/main/webapp/withOutputEscaping.jsp -------------------------------------------------------------------------------- /Ch04_OutputEscaping/src/main/webapp/withoutOutputEscaping.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscaping/src/main/webapp/withoutOutputEscaping.jsp -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSF/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSF/pom.xml -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSF/src/main/java/de/dominikschadow/webappsecurity/ContactController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSF/src/main/java/de/dominikschadow/webappsecurity/ContactController.java -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSF/src/main/webapp/WEB-INF/faces-config.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSF/src/main/webapp/WEB-INF/faces-config.xml -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSF/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSF/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSF/src/main/webapp/contact.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSF/src/main/webapp/contact.xhtml -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSF/src/main/webapp/index.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSF/src/main/webapp/index.xhtml -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSF/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSF/src/main/webapp/resources/css/styles.css -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/pom.xml -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/OutputEscapingWebAppInitializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/OutputEscapingWebAppInitializer.java -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/WebConfig.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/WebConfig.java -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/controller/ContactController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/controller/ContactController.java -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/controller/IndexController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/controller/IndexController.java -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/domain/Contact.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/java/de/dominikschadow/webappsecurity/domain/Contact.java -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/webapp/WEB-INF/views/contact.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/webapp/WEB-INF/views/contact.jsp -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/webapp/WEB-INF/views/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/webapp/WEB-INF/views/index.jsp -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/main/webapp/resources/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/main/webapp/resources/styles.css -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/test/java/de/dominikschadow/webappsecurity/controller/ContactControllerTest.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/test/java/de/dominikschadow/webappsecurity/controller/ContactControllerTest.java -------------------------------------------------------------------------------- /Ch04_OutputEscapingJSP/src/test/java/de/dominikschadow/webappsecurity/controller/IndexControllerTest.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch04_OutputEscapingJSP/src/test/java/de/dominikschadow/webappsecurity/controller/IndexControllerTest.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/pom.xml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountController.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountIntegerController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountIntegerController.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountRandomController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountRandomController.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountsDAO.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountsDAO.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountsIntegerDAO.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountsIntegerDAO.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountsRandomDAO.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/AccountsRandomDAO.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/HibernateUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/HibernateUtil.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/domain/Account.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/domain/Account.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/domain/User.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/java/de/dominikschadow/webappsecurity/domain/User.java -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/resources/ESAPI.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/resources/ESAPI.properties -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/resources/context.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/resources/context.xml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/resources/hibernate.cfg.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/resources/hibernate.cfg.xml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/resources/import.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/resources/import.sql -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/webapp/WEB-INF/faces-config.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/webapp/WEB-INF/faces-config.xml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/webapp/account.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/webapp/account.xhtml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/webapp/accountInteger.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/webapp/accountInteger.xhtml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/webapp/accountRandom.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/webapp/accountRandom.xhtml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/webapp/index.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/webapp/index.xhtml -------------------------------------------------------------------------------- /Ch05_AccessReferenceMaps/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_AccessReferenceMaps/src/main/webapp/resources/css/styles.css -------------------------------------------------------------------------------- /Ch05_HSTS/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_HSTS/pom.xml -------------------------------------------------------------------------------- /Ch05_HSTS/src/main/java/de/dominikschadow/webappsecurity/filter/HSTSFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_HSTS/src/main/java/de/dominikschadow/webappsecurity/filter/HSTSFilter.java -------------------------------------------------------------------------------- /Ch05_HSTS/src/main/java/de/dominikschadow/webappsecurity/servlets/LoginServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_HSTS/src/main/java/de/dominikschadow/webappsecurity/servlets/LoginServlet.java -------------------------------------------------------------------------------- /Ch05_HSTS/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_HSTS/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch05_HSTS/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_HSTS/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /Ch05_HSTS/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_HSTS/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch05_HSTS/src/main/webapp/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_HSTS/src/main/webapp/styles.css -------------------------------------------------------------------------------- /Ch05_SessionFixation/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionFixation/pom.xml -------------------------------------------------------------------------------- /Ch05_SessionFixation/src/main/java/de/dominikschadow/webappsecurity/servlets/LoginServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionFixation/src/main/java/de/dominikschadow/webappsecurity/servlets/LoginServlet.java -------------------------------------------------------------------------------- /Ch05_SessionFixation/src/main/resources/context.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionFixation/src/main/resources/context.xml -------------------------------------------------------------------------------- /Ch05_SessionFixation/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionFixation/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch05_SessionFixation/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionFixation/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch05_SessionFixation/src/main/webapp/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionFixation/src/main/webapp/styles.css -------------------------------------------------------------------------------- /Ch05_SessionHandling/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionHandling/pom.xml -------------------------------------------------------------------------------- /Ch05_SessionHandling/src/main/webapp/WEB-INF/faces-config.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionHandling/src/main/webapp/WEB-INF/faces-config.xml -------------------------------------------------------------------------------- /Ch05_SessionHandling/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionHandling/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /Ch05_SessionHandling/src/main/webapp/index.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch05_SessionHandling/src/main/webapp/index.xhtml -------------------------------------------------------------------------------- /Ch05_SessionHandling/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- 1 | h1 { 2 | font-size: 125%; 3 | } 4 | -------------------------------------------------------------------------------- /Ch06_SQLInjection/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/pom.xml -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/domain/Customer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/domain/Customer.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/CustomerTable.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/CustomerTable.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/HQLServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/HQLServlet.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/HibernateUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/HibernateUtil.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/InitDbServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/InitDbServlet.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/PreparedStatementServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/PreparedStatementServlet.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/StatementEscapingServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/StatementEscapingServlet.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/StatementServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/StatementServlet.java -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/resources/ESAPI.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/resources/ESAPI.properties -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/resources/context.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/resources/context.xml -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/resources/hibernate.cfg.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/resources/hibernate.cfg.xml -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/resources/import.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/resources/import.sql -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch06_SQLInjection/src/main/webapp/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_SQLInjection/src/main/webapp/styles.css -------------------------------------------------------------------------------- /Ch06_XPathInjection/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/pom.xml -------------------------------------------------------------------------------- /Ch06_XPathInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/XPathEscapingServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/XPathEscapingServlet.java -------------------------------------------------------------------------------- /Ch06_XPathInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/XPathServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/src/main/java/de/dominikschadow/webappsecurity/servlets/XPathServlet.java -------------------------------------------------------------------------------- /Ch06_XPathInjection/src/main/resources/ESAPI.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/src/main/resources/ESAPI.properties -------------------------------------------------------------------------------- /Ch06_XPathInjection/src/main/resources/customer.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/src/main/resources/customer.xml -------------------------------------------------------------------------------- /Ch06_XPathInjection/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch06_XPathInjection/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch06_XPathInjection/src/main/webapp/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch06_XPathInjection/src/main/webapp/styles.css -------------------------------------------------------------------------------- /Ch07_CSP/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/pom.xml -------------------------------------------------------------------------------- /Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/CSPReporting.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/CSPReporting.java -------------------------------------------------------------------------------- /Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/WithCSPReportingServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/WithCSPReportingServlet.java -------------------------------------------------------------------------------- /Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/WithCSPServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/WithCSPServlet.java -------------------------------------------------------------------------------- /Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/WithoutCSPServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/src/main/java/de/dominikschadow/webappsecurity/WithoutCSPServlet.java -------------------------------------------------------------------------------- /Ch07_CSP/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch07_CSP/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch07_CSP/src/main/webapp/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_CSP/src/main/webapp/styles.css -------------------------------------------------------------------------------- /Ch07_XSS/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/pom.xml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/CustomerController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/CustomerController.java -------------------------------------------------------------------------------- /Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/SearchController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/SearchController.java -------------------------------------------------------------------------------- /Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/CustomerDAO.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/CustomerDAO.java -------------------------------------------------------------------------------- /Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/HibernateUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/HibernateUtil.java -------------------------------------------------------------------------------- /Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/domain/Customer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/domain/Customer.java -------------------------------------------------------------------------------- /Ch07_XSS/src/main/resources/context.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/resources/context.xml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/resources/hibernate.cfg.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/resources/hibernate.cfg.xml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/resources/import.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/resources/import.sql -------------------------------------------------------------------------------- /Ch07_XSS/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/WEB-INF/faces-config.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/WEB-INF/faces-config.xml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/createCustomer.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/createCustomer.xhtml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/index.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/index.xhtml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/resources/css/styles.css -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/search.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/search.xhtml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/searchCustomer.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/searchCustomer.xhtml -------------------------------------------------------------------------------- /Ch07_XSS/src/main/webapp/showCustomers.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSS/src/main/webapp/showCustomers.xhtml -------------------------------------------------------------------------------- /Ch07_XSSFilter/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/pom.xml -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/BlacklistFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/BlacklistFilter.java -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/BlacklistRequestWrapper.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/BlacklistRequestWrapper.java -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/ESAPIFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/ESAPIFilter.java -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/ESAPIRequestWrapper.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/java/de/dominikschadow/webappsecurity/filter/ESAPIRequestWrapper.java -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/resources/ESAPI.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/resources/ESAPI.properties -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/webapp/outputBlacklist.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/webapp/outputBlacklist.jsp -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/webapp/outputEsapi.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/webapp/outputEsapi.jsp -------------------------------------------------------------------------------- /Ch07_XSSFilter/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSFilter/src/main/webapp/resources/css/styles.css -------------------------------------------------------------------------------- /Ch07_XSSJSF/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/pom.xml -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/java/de/dominikschadow/webappsecurity/MaximumController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/java/de/dominikschadow/webappsecurity/MaximumController.java -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/java/de/dominikschadow/webappsecurity/StandardController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/java/de/dominikschadow/webappsecurity/StandardController.java -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/java/de/dominikschadow/webappsecurity/Status.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/java/de/dominikschadow/webappsecurity/Status.java -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/webapp/WEB-INF/faces-config.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/webapp/WEB-INF/faces-config.xml -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/webapp/index.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/webapp/index.xhtml -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/webapp/maximum.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/webapp/maximum.xhtml -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/webapp/resources/css/styles.css -------------------------------------------------------------------------------- /Ch07_XSSJSF/src/main/webapp/standard.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch07_XSSJSF/src/main/webapp/standard.xhtml -------------------------------------------------------------------------------- /Ch08_CSRF/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/pom.xml -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/java/de/dominikschadow/webappsecurity/servlets/ProtectedServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/java/de/dominikschadow/webappsecurity/servlets/ProtectedServlet.java -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/java/de/dominikschadow/webappsecurity/servlets/UnprotectedServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/java/de/dominikschadow/webappsecurity/servlets/UnprotectedServlet.java -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/java/de/dominikschadow/webappsecurity/token/CSRFTokenHandler.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/java/de/dominikschadow/webappsecurity/token/CSRFTokenHandler.java -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/resources/logback.xml -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/form-protected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/form-protected.html -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/form-unprotected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/form-unprotected.html -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/form-working.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/form-working.jsp -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/image-protected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/image-protected.html -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/image-unprotected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/image-unprotected.html -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/requests-protected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/requests-protected.html -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/requests-unprotected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/requests-unprotected.html -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/resources/css/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/resources/css/styles.css -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/xmlhttprequest-protected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/xmlhttprequest-protected.html -------------------------------------------------------------------------------- /Ch08_CSRF/src/main/webapp/xmlhttprequest-unprotected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/Ch08_CSRF/src/main/webapp/xmlhttprequest-unprotected.html -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/README.md -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dschadow/Java-Web-Security/HEAD/pom.xml --------------------------------------------------------------------------------