Posts

Showing posts from October, 2015

Preventing XSS and CSRF vulnerabilities in WSO2 ESB

INTRODUCTION

In this article I will explain how to prevent Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks in WSO2 ESB. First, let me explain what those vulnerabilities are.

What is XSS

Cross-Site Scripting (XSS) is a client-side code injection attack in which an attacker gets malicious scripts executed in the context of a legitimate website or web application. XSS is a very common vulnerability in web applications; it occurs when a web application uses unvalidated or unencoded user input in the output it generates. For example, an attacker can inject a malicious script into an input text field of your web application, and once the form is submitted that malicious script gets executed, leading to catastrophic consequences.

What is Cross-Site Request Forgery (CSRF)

CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim'