OWASP Java Encoder

This project will help Java web developers defend against Cross Site Scripting!

  • Partial safe harbor
Submit report

We no longer offer point rewards for submissions on this program. Please refer to our blog post: How Bugcrowd sees VDPs and points for more details.

Program stats

  • Vulnerabilities accepted 0

Latest hall of famers

View the hall

Recently joined this program

14 total

OWASP supports many volunteers efforts to produce security libraries which at the same time are used by many companies and developers, in order to secure their applications. This bounty program for Java Encoder project run by OWASP is to determine the protection level claimed by the library and verify that indeed the protected application is not vulnerable to XSS attacks when using the library.

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage.

Rewards

OWASP may provide rewards to eligible reporters of qualifying vulnerabilities.

Getting Started Guide

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.