how to fix XSS Reflected in java - xss

I got a Fortify report which shows an XSS Reflected defect on the 2nd line below.
String name = request.getParameter("name");
response.getWriter().write("Name: " + name);
Recommendation given: All user input displayed to web clients should be HTML encoded and validated.
This is Java code and I am not sure how to fix this.

A simple way: you can just use the OWASP Enterprise Security API (Java Edition):
String safe = ESAPI.encoder().encodeForHTML( request.getParameter( "input" ) );
See these links:
OWASP Enterprise Security API (Java Edition) Documentation
OWASP Enterprise Security API (Java Edition) Code Example
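A fuller version of the fix for the two flagged lines, as an added example that is not code from the original post or from the OWASP project: a servlet that validates the parameter against an allow-list and then HTML-encodes it with ESAPI before writing it into the response body. The servlet class name, the allow-list pattern and the inputs in main are assumptions; ESAPI 2.x also expects an ESAPI.properties file on the classpath, which this example does not supply.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;

/**
 * Added example (hypothetical servlet, not from the original post):
 * the fixed form of the two flagged lines. Input is validated against an
 * allow-list and then HTML-encoded for the element-content context before
 * it is written into the response body.
 */
public class GreetingServlet extends HttpServlet {

    // Assumed allow-list for a display name: letters, digits, spaces and a few
    // punctuation marks, 1-64 characters. Tighten or loosen to the real rule.
    private static final String NAME_PATTERN = "^[\\p{L}\\p{N} .,'-]{1,64}$";

    /** Validation step: true only if the raw value matches the allow-list. */
    static boolean isValidName(String rawName) {
        return rawName != null && rawName.matches(NAME_PATTERN);
    }

    /**
     * Encoding step for text placed between HTML tags. A value placed inside an
     * attribute or a script block needs encodeForHTMLAttribute or
     * encodeForJavaScript instead; the output context decides the encoder.
     */
    static String encodeForHtmlBody(String value) {
        return ESAPI.encoder().encodeForHTML(value);
    }

    /** Builds the fragment that replaces the original unencoded write. */
    static String renderName(String rawName) {
        if (!isValidName(rawName)) {
            // Do not echo the rejected value; a fixed message gives no reflection point.
            return "Name: (invalid)";
        }
        return "Name: " + encodeForHtmlBody(rawName);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // State the charset explicitly so the browser interprets the bytes as intended.
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().write(renderName(request.getParameter("name")));
    }

    /** Stand-alone run with constructed inputs (needs ESAPI.properties on the classpath). */
    public static void main(String[] args) {
        System.out.println(renderName("Ada Lovelace"));   // passes validation, nothing to encode
        System.out.println(renderName("<b>Ada</b>"));     // fails the allow-list
        // What the encoder alone does with markup characters: '<' becomes &lt; and so on.
        System.out.println(encodeForHtmlBody("<b>Ada</b>"));
    }
}
```

Validation and encoding are separate controls: the allow-list enforces what the application considers a name, while the encoder guarantees that whatever does get through cannot change the HTML structure. Keep the encoder matched to the output context; encodeForHTML is only correct for text between tags.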

Related

Microsoft Dynamics CRM Online (2013) - Get number of tickets via API

I use Dynamics CRM Online (2013) to manage daily incident tickets, daily requests and change requests. I'd like to use their API and pull this information into a custom application to display them on a dashboard.
Basically what I want to do is to be able to grab the number of open tickets using my application. Then it'll publish this information to elsewhere. It's a Java application running on a Windows server.
Can you please point me in the correct direction?
MSDN lists a walkthrough (click here to see it) (it's related to CRM Online 2011, but since most of the info is still accurate I'd say it's worth a try) aimed exactly at connecting to CRM Online from Java.
The prerequisites listed are
Java SE SDK 1.6 update 23 or later
Eclipse 3.7.x and above or NetBeans 6.9x or later
Apache Axis 2 ver. 1.6.1
Apache HTTP Components Client 4.1.3
Microsoft Dynamics CRM Online
You're going to have to generate the classes (in .NET you use crmsvcutil.exe, it's roughly equivalent) and then you should be all set.

PowerShell Web Services (Management oData IIS Extensions)?

There are references to this "Loch Ness" feature across Microsoft's announcements for both PoSh3 & 4; however, I am unable to locate useful, current documentation on PSWS. I even went as far as to spin up a VM and install related roles, features, and downloadable binaries from Microsoft's referenced sites. The only content, binaries, and help that I could find is a year old and is very poorly documented. Microsoft's own MSDN pages about Management oData IIS Extensions are still incomplete (and don't work on W2k12 or W2k12R2). While another section of MSDN covers the oData classes, it does not cover how to utilize the PSWS / IIS extensions with the required schema designer, etc.
All that so you know that I've done the research but am unable to find sufficient & current documentation on how to employ PSWS / Management oData IIS extensions. Does anyone know who to contact within Microsoft to get this information? Or has anyone recently used the oData / PSWS Schema Designer to create a PoSh odata service?
TIA.
-Eric
Have a look at the URL below if you haven't already. There's a doc inside the zip file.
http://archive.msdn.microsoft.com/mgmtODataWebServ/Release/ProjectReleases.aspx?ReleaseId=5728
Here's a newer link to the MSDN doc:
http://msdn.microsoft.com/en-us/library/hh880865(v=vs.85).aspx

MS Access and SOAP, XMLRPC etc

I have been searching high and low on Google and finding very little information on using Web services with MS Access 2007. I'm sure this is possible somehow but I can't find any relevant information.
Any ideas?
Have a look at Danny Delasandrini's article on consuming web services from Access. That should get you started, at least (though it predates A2007 and A2010).
Yeah, what has worked for me in the past is to build a COM-callable .NET component, install it on the user's machine, and reference the COM interface from the Access database using VBA.
I was developing an integration between MS Access 2010 and WordPress 4.0 using XMLRPC. I documented the process and some code in 8 articles:
1) Post publish
2) File upload
3) Featured image
4) Custom Type
5) Custom Fields
6) The complete process
7) Security
8) Post delete
I hope it will be helpful for somebody. It was very difficult for me to find documentation.
But it works like a charm!

Glassfish, railo and coldbox - messed up links?

I am new to ColdFusion and ColdBox (and programming). I tried to set up ColdBox but some of the links in the sample applications are broken.
My configuration is a GlassFish v3 installation with the current Railo OSS. I access my site through Apache 2.2.14.
So instead of http://127.0.0.1:8080/railo/ I access my environment through http://railo/.
In Railo I have a webroot mapping / to C:/webapps/myproject/.
I have copied the current ColdBox 3M4 to C:/webapps/myproject/coldbox. I can access the dashboard through http://railo/coldbox/dashboard/index.cfm and have access to all options.
My problems start the moment I try to open the sample gallery:
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented
it from fulfilling this request.
exception
java.io.FileNotFoundException: C:\webapps\viss-dev\coldbox\samples
(Zugriff verweigert)
note The full stack traces of the exception and its root causes are
available in the GlassFish v3 logs.
GlassFish v3
OK, no problem, just enter the link directly: http://railo/coldbox/samples/index.cfm.
The site looks plain, who cares - BUT all local links look like this: http://127.0.0.1:8080/coldbox/samples/applications/helloworld/index.cfm (railo is replaced with 127.0.0.1:8080).
Looks like trouble. To make my confusion perfect: when I try to access the login app: http://railo/coldbox/samples/applications/sampleloginapp/index.cfm and hit the submit button, I am redirected to this address: http://railo/railo/coldbox/samples/applications/sampleloginapp/index.cfm.
I believe that this is not really ColdBox-related, but it manifests itself when I try to use ColdBox, so here I am.
P.S.: amazon.de takes too long to ship the ColdBox book :(
Here's a suggestion. The good people at Viviotech have developed a couple of different installers for both Windows/IIS7 and various flavours of Linux for both Railo and Open BlueDragon. The setup installs Tomcat, Railo/Open BlueDragon and the necessary connectors to the web server. Here's the link: http://www.viviotech.net/company/installers.cfm
I think you'll find using the installers to be a lot easier than working through it yourself. If you want to go that route, Adobe and various bloggers have instructions on how to do it. Matt Woodward has a very good blog posting on it: see MattWoodward.com. He also has a presentation on this; you can see it here.
hth,
larry
Since you are new to ColdFusion (and programming in general), I would recommend developing against Adobe ColdFusion. The Developer Edition of ColdFusion is free and available from Adobe.com. You won't need to mess around or configure GlassFish since Adobe ColdFusion comes with a baked-in pre-configured Tomcat, providing both servlet engine and web server.
Just install the 'Stand-alone' version of ColdFusion Developer Edition, copy the ColdBox files into the webroot and in less than 15 minutes you'll be up and running.
You should also check out ColdFusion Builder which is currently available in beta from http://labs.adobe.com. It has full language support and integrated help content for learning the ins-outs of the language.
As far as the ColdBox book goes, it's available as an eBook if you really can't wait. ;-)
DISCLAIMER: I spend about 50% of my waking life devoted to making ColdFusion better as the CF Product Manager at Adobe. :-)
I have given up on GlassFish and I am now struggling with Tomcat :D

How to build stand-alone SOAP web services using Delphi?

How can I build a stand-alone SOAP-based Web Service using Delphi? It must work with Delphi 2009, but it'd be nice if it worked with older ones too.
The built-in WebBroker Web Services create CGI or ISAPI. It would be nice to create a stand-alone executable that I can control from bottom to top, especially during development.
RemObjects SDK for Delphi (RO/Delphi).
Different messaging formats are provided, including our own highly efficient binary BinMessage format, as well as support for SOAP, XML-RPC and - new - JSON encoding, in case you want to make your servers accessible to clients not using RO, or write clients to access Web Services provided by others.
Dave Nottage wrote Building a stand-alone Web service with Indy (source code).
This article explains how to fit Indy into Delphi 6's Web services (SOAP) support.
According to the comment on the page, it works with Delphi 2009 with some modification.
Edit: People in Indy 10 and IdHTTPWebBrokerBridge with CBuilder 2009 posted a modified version. For example, IdHTTPWebBrokerBridge.pas is by Jochanan van der Niet.
It should be possible to build a web service with VCL for the Web (formerly: IntraWeb). It has an option of creating a standalone executable that contains both web server and web application.
In D7 I used IdHTTPWebBrokerBridge (Indy 9). But I don't know if it is still available in D2009.
There is a series of SOAP articles on Dr. Bob's website and specifically there is the RAD Studio 2007 XML, SOAP and Web Services Development manual, but it's 99 Euro.
Something I used in the past was idRunner, which is an extension to the Indy library and allows you to develop ISAPI DLLs which your application then runs. The advantage of this approach is you can deploy a standalone application to run your SOAP service that can easily be deployed via IIS at a later date.
For debugging, I strongly suggest the idDebugger on the same page. It makes debugging ISAPI applications very easy.
Here is a step-by-step solution "Delphi 7 Indy Standalone Web Services/SOAP Server" which looks like it can be useful for Delphi 2009 too:
http://www.digicoast.com/delphi_soap_standalone.html
Update:
This solution uses IdHTTPWebBrokerBridge; it can be used in Delphi 2009 with minor changes.