Remediation

This page lists common mitigations adopted by developers for application security issues. This is a growing list; if you find good links or tutorials, please let me know.

Cross Site Scripting 

  1. http://www.jtmelton.com/2009/01/12/the-owasp-top-ten-and-esapi-part-2-cross-site-scripting-xss/
  2. https://www.owasp.org/index.php/Struts

Cross Site Request Forgery

  1. https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html
  2. https://www.ibm.com/support/knowledgecenter/en/SSZLC2_7.0.0/com.ibm.commerce.admin.doc/tasks/tsecsrfp.htm

Unrestricted File Upload

  1. https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability

SQL Injection

  1. https://msdn.microsoft.com/en-us/library/ff648339.aspx
  2. https://www.ibm.com/support/knowledgecenter/en/SSEPEK_10.0.0/seca/src/tpc/db2z_preventsqlinjection.html
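
The two links above describe the fix in general terms. As an added example that is not part of this page or of either vendor's documentation, the JDBC snippet below shows the vulnerable string-built query next to its parameterized replacement, plus the one case a bound parameter cannot cover (an identifier such as an ORDER BY column), which is handled by an allow-list. It assumes a table users(id, username, created_at) and a JDBC URL passed as the first argument, with the matching driver on the classpath; those are assumptions, not anything the linked guides specify.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;

public class UserLookup {

    // Vulnerable: the attacker-controlled value becomes part of the SQL text.
    // Input  ' OR '1'='1  turns the query into  ... WHERE username = '' OR '1'='1'
    static ResultSet findUserUnsafe(Connection c, String username) throws SQLException {
        Statement s = c.createStatement();
        return s.executeQuery("SELECT id, username FROM users WHERE username = '" + username + "'");
    }

    // Fixed: the value travels as a bound parameter and is never parsed as SQL,
    // so the same input only matches a user literally named  ' OR '1'='1
    static ResultSet findUser(Connection c, String username) throws SQLException {
        PreparedStatement ps = c.prepareStatement("SELECT id, username FROM users WHERE username = ?");
        ps.setString(1, username);
        return ps.executeQuery();
    }

    // Identifiers cannot be bound as parameters, so a user-chosen sort column is
    // checked against a fixed allow-list instead of being concatenated blindly.
    // (Assumed column names for this example.)
    static final Set<String> SORTABLE = Set.of("id", "username", "created_at");

    static PreparedStatement listUsers(Connection c, String sortColumn, boolean descending)
            throws SQLException {
        if (!SORTABLE.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        String sql = "SELECT id, username FROM users ORDER BY " + sortColumn
                   + (descending ? " DESC" : " ASC");
        return c.prepareStatement(sql);
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a database that has the users table above.
        try (Connection c = DriverManager.getConnection(args[0])) {
            try (ResultSet rs = findUser(c, "' OR '1'='1")) {
                // With the bound parameter this does not dump the table.
                System.out.println("rows matched: " + (rs.next() ? "at least one" : "none"));
            }
            try (PreparedStatement ps = listUsers(c, "username", false);
                 ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    System.out.println(rs.getLong("id") + " " + rs.getString("username"));
                }
            }
        }
    }
}
```

findUserUnsafe is kept only as the "before" picture; the point of the allow-list in listUsers is that validation replaces concatenation precisely where parameter binding is not available.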

Clickjacking

  1. https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
  2. https://support.microsoft.com/en-in/help/2694329/mitigating-framesniffing-with-the-x-frame-options-header

Session Timeout

  1. https://philipnye.com/posts/advanced-isam-session-timeout-capabilities/
  2. https://docs.oracle.com/cd/E14004_01/books/Secur/Secur_SSOAuth21.html

XML – Disable DTD and prevent entity expansion attacks

  1. http://stackoverflow.com/questions/20936401/turn-off-dtd-validation-for-scala-xml-xml
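
The link above covers the Scala XML case. As an added example that is not from this page or from the linked answer, the Java snippet below builds a DocumentBuilderFactory that rejects any DOCTYPE, which shuts off external entities (XXE) and internal entity expansion ("billion laughs") in one step, and then feeds it two constructed payloads and one benign document. The payloads and element names are made up for the demonstration; the feature URIs are the standard Xerces/SAX ones supported by the JDK's built-in parser.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import org.w3c.dom.Document;

public class HardenedXmlParser {

    // Constructed sample 1: an external entity (XXE) that tries to pull a local file into the document.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE foo [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n"
      + "<foo>&xxe;</foo>";

    // Constructed sample 2: nested internal entities (a tiny "billion laughs");
    // every level multiplies the expanded size by ten, a real attack nests far deeper.
    static final String EXPANSION_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE lolz [\n"
      + " <!ENTITY lol \"lol\">\n"
      + " <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n"
      + " <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n"
      + "]>\n"
      + "<lolz>&lol2;</lolz>";

    // Constructed sample 3: an ordinary document with no DOCTYPE.
    static final String BENIGN = "<order><id>42</id></order>";

    /** Factory that refuses any DOCTYPE, which removes both entity classes at once. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Primary control: no DTD at all, so no entity can be declared, internal or external.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that honour the SAX features but not the Xerces one above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Returns the parsed document, or null when the parser rejected the input. */
    static Document parseOrNull(DocumentBuilderFactory f, String xml) {
        try {
            DocumentBuilder b = f.newDocumentBuilder();
            return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            System.out.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws ParserConfigurationException {
        DocumentBuilderFactory safe = hardenedFactory();
        // Both payloads fail at the DOCTYPE with a SAXParseException, before any entity is resolved.
        System.out.println("xxe parsed: " + (parseOrNull(safe, XXE_PAYLOAD) != null));
        System.out.println("expansion parsed: " + (parseOrNull(safe, EXPANSION_PAYLOAD) != null));
        // Documents without a DOCTYPE are unaffected.
        System.out.println("benign parsed: " + (parseOrNull(safe, BENIGN) != null));
    }
}
```

The same feature URIs apply to SAXParserFactory, which is the object the Scala XML answer above configures; if an application genuinely needs a DTD, drop only the disallow-doctype-decl line and keep the external-entity and load-external-dtd settings, accepting that internal entity expansion then has to be bounded by the parser's entity limits.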

The HPE Fortify Vulncat taxonomy also has general mitigation guidance for resolving common security issues. If I find any good article that details specific steps, I will include it above.

https://vulncat.hpefod.com/en