Posted to users@wicket.apache.org by "Brown, Berlin [PRI-1PP]" <Be...@Primerica.com> on 2014/02/09 01:13:30 UTC

Web app vulnerability protection in wicket (csrf)

Does Wicket have support for top vulnerabilities? Mainly I am trying to protect against cross-site scripting and cross-site request forgery attacks.

I haven't found anything yet explicitly for those attacks, but for CSRF I was going to try to use the encrypted URL strategy. (And I am assuming the default URL versioning strategy or the random parameter on the URL is not a full protection against those attacks?)

Also, for CSRF, is there an easy way to inject tokens for each request? If those tokens are valid, then we could generate an error.

Note: I am assuming an ancient version of Wicket, 1.4.x (1.4.15).

----