I'm writing a Java class which would be invoked by a servlet filter and which checks for injection attack attempts and XSS for a Java web application based on Struts. The Injec
Take a look at the AntiSamy project [www.owasp.org]. I think it is exactly what you want; you can set up a filter to block certain tags. They also supply policy templates; the Slashdot policy would be a good start, then add on the tags you require.
Also, there is a wealth of knowledge on the www.owasp.org website about securing your application.
What user 'nemo' says about using prepared statements and encoding should also be performed.