Category: OWASP

Cookie Not Marked as HttpOnly

HttpOnly cookies cannot be read by client-side scripts, so marking a cookie as HttpOnly provides an additional layer of protection against cross-site scripting attacks.

Solution (in web.xml):

    <session-config>
        <cookie-config>
            <http-only>true</http-only>
        </cookie-config>
    </session-config>

Cross-site Request Forgery

NarayanaswamyHello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in IT industry more than 7 years. NarayanaTutorial is my web technologies blog. My specialties are Java / J2EE, Spring, Hibernate, Struts, Webservices, PHP, Oracle, MySQL, SQLServer, Web Hosting and Website Development. I am a self learner and passionate about training and […]

How to disable dangerous http methods in apache tomcat server

Some HTTP methods are dangerous: using them, an attacker may easily hack the application, for example through remote script execution, SQL injection, clickjacking, etc. These dangerous HTTP methods therefore need to be restricted. We need to disable the dangerous HTTP methods in both […]