ESAPI Secure Coding Guideline

=Using Security Controls=

Input Validation and Encoding

 * The application shall use EncryptedProperties to store all security-relevant data, such as passwords, credentials, codes, configuration information, addresses, etc.
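
One way to meet this requirement, shown as an added example that is not part of the original guideline or ESAPI's own code: a secret is written through EncryptedProperties, read back, and the file on disk is checked to confirm the plaintext never reaches it. It assumes ESAPI 2.x on the classpath (reference class <code>org.owasp.esapi.reference.crypto.DefaultEncryptedProperties</code>) and an ESAPI.properties with <code>Encryptor.MasterKey</code> and <code>Encryptor.MasterSalt</code> already set; the class name, property key and sample value are constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

import org.owasp.esapi.EncryptedProperties;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.reference.crypto.DefaultEncryptedProperties;

public class SecretStoreExample {   // hypothetical class name

    // Load any existing entries, add or replace one value, write the set back.
    // setProperty() encrypts the value before it is held in the property set.
    static void saveSecret(File file, String key, String value)
            throws IOException, EncryptionException {
        EncryptedProperties props = new DefaultEncryptedProperties();
        if (file.length() > 0) {
            try (InputStream in = new FileInputStream(file)) {
                props.load(in);
            }
        }
        props.setProperty(key, value);
        try (OutputStream out = new FileOutputStream(file)) {
            props.store(out, "application secrets (encrypted values)");
        }
    }

    // getProperty() decrypts on read; a missing key comes back as null.
    static String readSecret(File file, String key)
            throws IOException, EncryptionException {
        EncryptedProperties props = new DefaultEncryptedProperties();
        try (InputStream in = new FileInputStream(file)) {
            props.load(in);
        }
        return props.getProperty(key);
    }

    public static void main(String[] args) throws Exception {
        File store = File.createTempFile("secrets", ".properties");
        String sample = "constructed-sample-value";   // constructed, not a real credential
        saveSecret(store, "db.password", sample);

        // The stored file must not contain the plaintext value.
        String onDisk = new String(Files.readAllBytes(store.toPath()),
                                   StandardCharsets.ISO_8859_1);
        if (onDisk.contains(sample)) throw new IllegalStateException("plaintext on disk");
        if (!sample.equals(readSecret(store, "db.password")))
            throw new IllegalStateException("round trip failed");
        System.out.println("stored encrypted, round trip ok");
    }
}
```

The master key and salt in ESAPI.properties protect every value stored this way, so that file needs the same access restrictions as the secrets themselves.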

Cross Site Request Forgery
=Banned APIs=

The following calls are dangerous and should be replaced with the safer calls provided by ESAPI.