Introduction. Content Security Policy (CSP) is an effective "defense in depth" technique to be used against content injection attacks. It is a declarative policy that tells the user agent which sources are valid to load content from.

Dec 03, 2018 · Introduction. XML eXternal Entity injection (XXE), which is now part of the OWASP Top 10, is a type of attack against an application that parses XML input. XXE is referenced under ID 611 in the Common Weakness Enumeration (CWE).

This article will describe how to protect your J2EE application from XSS using ESAPI. As with all of the detail articles in this series, if you need a refresher on OWASP or ESAPI, please see the intro article "The OWASP Top Ten and ESAPI".