Recently, our Java Web App went through a Veracode security scan. Since the application is used by over 25,000 users worldwide, I do see it as important that this scan took place. Although I have placed some anti-XSS (cross-site scripting) code into the app over time due to other security professionals evaluating our software, Veracode brought to light over 300 vulnerabilities in the software that I was quite aware of.
Therefore, I am now obliged to address these vulnerabilities and provide our software a passing score of at least 70 in the eyes of Veracode.
Over the next few weeks, I will be submitting detailed code and instructions on how to do this.
Let the hackers beware, for javaclaus draws near.