Archive for April, 2007

[HOWTO] Bastion XSSString

Tuesday, April 3rd, 2007

Have you just downloaded orizon-20070402.jar and want to use Bastion, but can't because Orizon lacks documentation? (Yes, I know… I'll include javadoc in the development jar ASAP.)

The answer is quite simple… just read the Orizon developer blog. :D

Orizon v.0.10-b25

Tuesday, April 3rd, 2007

New Orizon release with Bastion inside.

Hope to reach 100 downloads :D

Bastion contest

Tuesday, April 3rd, 2007

I published at work a small web application with 2 JSP pages, both vulnerable to XSS attacks.

While the first page is vulnerable, the second one uses Bastion XSSString to store data from the request instead of a classic String object, and it doesn't seem to be vulnerable at all.

Of course, there is no magic here, just input filtering embedded in the Java class constructor. The main advantage is that this approach works for all the people who point out that reviewing the code is too expensive for them in terms of code changes.

Changing a line of code hardens their application… sounds good to me. :D
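The constructor-level filtering described in this post, sketched as an added example that is not Bastion's code: `HtmlSafeString` is a hypothetical stand-in for XSSString, a `Map` stands in for the servlet request, and HTML entity encoding is assumed as the filtering step.

```java
import java.util.Map;

// Hypothetical stand-in for the idea behind XSSString; not Bastion's real class or API.
public final class HtmlSafeString {
    private final String encoded;

    // All neutralisation happens in the constructor, so an instance can never
    // carry raw markup into the page, whatever the caller does afterwards.
    public HtmlSafeString(String raw) {
        StringBuilder sb = new StringBuilder();
        if (raw != null) {
            for (int i = 0; i < raw.length(); i++) {
                char c = raw.charAt(i);
                switch (c) {
                    case '&':  sb.append("&amp;");  break;
                    case '<':  sb.append("&lt;");   break;
                    case '>':  sb.append("&gt;");   break;
                    case '"':  sb.append("&quot;"); break;
                    case '\'': sb.append("&#x27;"); break;
                    default:   sb.append(c);
                }
            }
        }
        this.encoded = sb.toString();
    }

    @Override
    public String toString() {
        return encoded;
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for request.getParameter("name").
        Map<String, String> params = Map.of("name", "<script>alert(1)</script>");

        // Before: the raw parameter is echoed into the page as markup.
        String name = params.get("name");
        System.out.println("<p>Hello " + name + "</p>");

        // After: only the declaration line changes; the output line is identical.
        HtmlSafeString safeName = new HtmlSafeString(params.get("name"));
        System.out.println("<p>Hello " + safeName + "</p>");
    }
}
```

The encoding in this sketch covers HTML body text and quoted attribute values only; a value written into a script block, an event handler or a URL needs encoding for that context instead.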

Switching to Java6?

Monday, April 2nd, 2007

This article by Shunmuga Raja is simply awesome.

I think I'm gonna use Java 6 in Orizon development to have such a wonderful feature…

Great, great, great :)