{"id":31491,"date":"2025-02-10T10:00:00","date_gmt":"2025-02-10T09:00:00","guid":{"rendered":"https:\/\/www.codemotion.com\/magazine\/?p=31491"},"modified":"2025-02-06T12:18:01","modified_gmt":"2025-02-06T11:18:01","slug":"scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2","status":"publish","type":"post","link":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/","title":{"rendered":"Writing secure code: the essential guide for Java developers &#8211; Part 2"},"content":{"rendered":"\n<p>In the cybersecurity landscape, Cross-Site Scripting (XSS) is one of the most common and dangerous vulnerabilities that can undermine the security of a web application. After exploring <a href=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java\/\">SQL Injection in the first article of our series<\/a>, <strong>we now focus on XSS<\/strong>, examining its risks and the strategies for preventing it by writing secure code in Java.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-che-cos-e-il-cross-site-scripting-xss\">What is Cross-Site Scripting (XSS)?<\/h2>\n\n\n\n<p><strong>Cross-Site Scripting is a vulnerability<\/strong> that allows an attacker to inject malicious code (usually <a href=\"https:\/\/www.codemotion.com\/magazine\/it\/frontend-it\/javascript-it\/come-programmare-con-javascript-tutto-sul-linguaggio-per-il-web\/\">JavaScript<\/a>) into a web page viewed by other users. 
This code <strong>runs in the context of the victim's browser<\/strong>, allowing the attacker to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Steal cookies, session tokens and other sensitive information.<\/li>\n\n\n\n<li>Dynamically modify the content of the web page.<\/li>\n\n\n\n<li>Redirect the victim to malicious sites.<\/li>\n\n\n\n<li>Perform harmful actions on the victim's behalf.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tipologie-di-xss\">Types of XSS<\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Stored XSS (Persistent):<\/strong> The malicious code is stored on the server and delivered to every user who accesses the page.<\/li>\n\n\n\n<li><strong>Reflected XSS:<\/strong> The payload is included in the HTTP response only for the user who sent the request containing the malicious code.<\/li>\n\n\n\n<li><strong>DOM-Based XSS:<\/strong> The code is injected directly into the page's DOM without involving the server.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-potenziali-rischi\">Potential risks<\/h2>\n\n\n\n<p>An XSS attack can <strong>seriously compromise the security and integrity of an application<\/strong>. 
The most serious consequences include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data breach:<\/strong> Attackers can steal sensitive information such as credentials and personal data.<\/li>\n\n\n\n<li><strong>Unauthorized access:<\/strong> Attackers can act as legitimate users to further compromise the system.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-come-scrivere-codice-sicuro-in-java-per-prevenire-xss\">How to write secure Java code to prevent XSS<\/h2>\n\n\n\n<p>Preventing Cross-Site Scripting requires a combination of input sanitization, output escaping and correct web application configuration. Let's look at some practical strategies with Java code examples.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-sanitizzazione-degli-input\">1. <strong>Input sanitization<\/strong><\/h3>\n\n\n\n<p>Sanitizing input means removing or neutralizing potentially dangerous characters before using them. 
For example:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\"><span class=\"hljs-keyword\">import<\/span> org.apache.commons.text.StringEscapeUtils;\n\npublic <span class=\"hljs-built_in\">String<\/span> sanitizeInput(<span class=\"hljs-built_in\">String<\/span> userInput) {\n    <span class=\"hljs-keyword\">return<\/span> StringEscapeUtils.escapeHtml4(userInput);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>In this example, we use the Apache Commons Text library to convert dangerous HTML characters into safe entities, such as <code>\"&lt;\"<\/code> into <code>\"&amp;lt;\"<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-escaping-dell-output\">2. 
<strong>Output escaping<\/strong><\/h3>\n\n\n\n<p>To prevent injected code from executing, it is essential to escape dynamic data when it is included in HTML pages, JavaScript or attributes.<br>Example:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\"><span class=\"hljs-keyword\">import<\/span> org.owasp.encoder.Encode;\n\npublic <span class=\"hljs-built_in\">String<\/span> safeOutput(<span class=\"hljs-built_in\">String<\/span> userInput) {\n    <span class=\"hljs-keyword\">return<\/span> Encode.forHtml(userInput);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The OWASP Java Encoder library is an excellent choice for output escaping.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-validazione-degli-input\">3. 
<strong>Input validation<\/strong><\/h3>\n\n\n\n<p>A preventive approach is to allow only input that matches a specific format:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\"><span class=\"hljs-keyword\">import<\/span> java.util.regex.Pattern;\n\npublic boolean isValidInput(<span class=\"hljs-built_in\">String<\/span> input) {\n    <span class=\"hljs-built_in\">String<\/span> regex = <span class=\"hljs-string\">\"^&#91;a-zA-Z0-9 ]*$\"<\/span>; <span class=\"hljs-comment\">\/\/ Letters, digits and spaces only<\/span>\n    <span class=\"hljs-keyword\">return<\/span> Pattern.matches(regex, input);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-content-security-policy-csp\">4. <strong>Content Security Policy (CSP)<\/strong><\/h3>\n\n\n\n<p>Configuring a Content Security Policy is another effective line of defense. 
CSP is an HTTP header that prevents the execution of unauthorized code.<br>Example configuration in Spring Boot:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\"><span class=\"hljs-keyword\">import<\/span> org.springframework.context.annotation.Bean;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.web.header.HeaderWriter;\n<span class=\"hljs-keyword\">import<\/span> org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;\n\n<span class=\"hljs-comment\">\/\/ ContentSecurityPolicyHeaderWriter (servlet stack) implements HeaderWriter.<\/span>\n<span class=\"hljs-comment\">\/\/ Register it in the Spring Security configuration (HeadersConfigurer.addHeaderWriter) so the header is added to responses.<\/span>\n@Bean\npublic HeaderWriter contentSecurityPolicy() {\n    <span class=\"hljs-keyword\">return<\/span> <span class=\"hljs-keyword\">new<\/span> ContentSecurityPolicyHeaderWriter(<span class=\"hljs-string\">\"default-src 'self'; script-src 'self'\"<\/span>);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id=\"h-5-uso-di-framework-sicuri\">5. <strong>Use of secure frameworks<\/strong><\/h3>\n\n\n\n<p>Frameworks such as Spring and Thymeleaf offer built-in mechanisms to protect against XSS. 
For example, Thymeleaf automatically escapes dynamic input:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"HTML, XML\" data-shcb-language-slug=\"xml\"><span><code class=\"hljs language-xml\"><span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">p<\/span> <span class=\"hljs-attr\">th:text<\/span>=<span class=\"hljs-string\">\"${userInput}\"<\/span>&gt;<\/span><span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">p<\/span>&gt;<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">HTML, XML<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">xml<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>In this case, <code>userInput<\/code> will be automatically escaped to prevent XSS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusioni\">Conclusions<\/h2>\n\n\n\n<p>Cross-Site Scripting is a serious threat to web application security, but it can be <strong>prevented by adopting good programming practices<\/strong>. Sanitizing input, escaping output and configuring the application properly are fundamental measures.<\/p>\n\n\n\n<p>Writing secure code is not just a technical responsibility, <strong>but also a commitment to users and their trust.<\/strong><\/p>\n\n\n\n<p>In the next article of the series, <strong>we will explore another critical vulnerability and how to address it<\/strong> in the context of Java development.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the cybersecurity landscape, Cross-Site Scripting (XSS) is one of the most common and dangerous vulnerabilities that can undermine the security of a web application. 
After exploring SQL Injection in the first article of our series, we now focus on XSS, examining its risks and the strategies for preventing it by writing secure code&#8230; <a class=\"more-link\" href=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/\">Read more<\/a><\/p>\n","protected":false},"author":218,"featured_media":31958,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10228],"tags":[12854,11706],"collections":[11708,12402],"class_list":{"0":"post-31491","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cybersecurity-it","8":"tag-backend-it","9":"tag-java-it","10":"collections-dalla-community","11":"collections-codemotion-guides-it","12":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Scrivere codice sicuro: la guida essenziale per gli sviluppatori java<\/title>\n<meta name=\"description\" content=\"Scopri come scrivere codice sicuro in Java con questa guida per dev e impara le best practices per proteggere le tue applicazioni.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java - Parte 2\" \/>\n<meta property=\"og:description\" content=\"Scopri come scrivere codice sicuro in Java con questa guida per dev e impara le best practices per proteggere le tue applicazioni.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Codemotion Magazine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Codemotion.Italy\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-10T09:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"peduz91\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@peduz91\" \/>\n<meta name=\"twitter:site\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"peduz91\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/\"},\"author\":{\"name\":\"peduz91\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/person\\\/452ca8d6219835e3b83660c0c86dfb98\"},\"headline\":\"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java &#8211; Parte 2\",\"datePublished\":\"2025-02-10T09:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/\"},\"wordCount\":526,\"publisher\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp\",\"keywords\":[\"Backend\",\"Java\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/\",\"url\":\"https:\\\/\\\/www.codemotion.c
om\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/\",\"name\":\"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp\",\"datePublished\":\"2025-02-10T09:00:00+00:00\",\"description\":\"Scopri come scrivere codice sicuro in Java con questa guida per dev e impara le best practices per proteggere le tue 
applicazioni.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp\",\"contentUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp\",\"width\":1792,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/it\\\/cybersecurity-it\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java &#8211; Parte 
2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#website\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\",\"name\":\"Codemotion Magazine\",\"description\":\"We code the future. Together\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\",\"name\":\"Codemotion\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/codemotionlogo.png\",\"contentUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/codemotionlogo.png\",\"width\":225,\"height\":225,\"caption\":\"Codemotion\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Codemotion.Italy\\\/\",\"https:\\\/\\\/x.com\\\/CodemotionIT\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/person\\\/452ca8d6219835e3b83660c0c86dfb98\",\"name\":\"peduz91\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/gp-100x100.jpg\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/gp-100x100.jpg\",\"contentUrl\":\"https:\\\/\\\/w
ww.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/gp-100x100.jpg\",\"caption\":\"peduz91\"},\"description\":\"I am a software developer with a strong passion for development, technology, soccer and chess. I always like to challenge myself, I often try new things. I think the most important thing is to work well with the team.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/giuseppe-pedull-68ab8274\\\/\",\"https:\\\/\\\/x.com\\\/peduz91\"],\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/author\\\/peduz91\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java","description":"Scopri come scrivere codice sicuro in Java con questa guida per dev e impara le best practices per proteggere le tue applicazioni.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/","og_locale":"en_US","og_type":"article","og_title":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java - Parte 2","og_description":"Scopri come scrivere codice sicuro in Java con questa guida per dev e impara le best practices per proteggere le tue applicazioni.","og_url":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/","og_site_name":"Codemotion 
Magazine","article_publisher":"https:\/\/www.facebook.com\/Codemotion.Italy\/","article_published_time":"2025-02-10T09:00:00+00:00","og_image":[{"width":1792,"height":1024,"url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp","type":"image\/webp"}],"author":"peduz91","twitter_card":"summary_large_image","twitter_creator":"@peduz91","twitter_site":"@CodemotionIT","twitter_misc":{"Written by":"peduz91","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/#article","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/"},"author":{"name":"peduz91","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/452ca8d6219835e3b83660c0c86dfb98"},"headline":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java &#8211; Parte 
2","datePublished":"2025-02-10T09:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/"},"wordCount":526,"publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp","keywords":["Backend","Java"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/","url":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/","name":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori 
java","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/#primaryimage"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp","datePublished":"2025-02-10T09:00:00+00:00","description":"Scopri come scrivere codice sicuro in Java con questa guida per dev e impara le best practices per proteggere le tue applicazioni.","breadcrumb":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/#primaryimage","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-worki
ng-on-a-laptop-with-code-displayed.webp","width":1792,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/scrivere-codice-sicuro-la-guida-essenziale-per-gli-sviluppatori-java-parte-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.codemotion.com\/magazine\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/"},{"@type":"ListItem","position":3,"name":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori java &#8211; Parte 2"}]},{"@type":"WebSite","@id":"https:\/\/www.codemotion.com\/magazine\/#website","url":"https:\/\/www.codemotion.com\/magazine\/","name":"Codemotion Magazine","description":"We code the future. Together","publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.codemotion.com\/magazine\/#organization","name":"Codemotion","url":"https:\/\/www.codemotion.com\/magazine\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","width":225,"height":225,"caption":"Codemotion"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Codemotion.Italy\/","https:\/\/x.com\/CodemotionIT"]},{"@type":"Person","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/452ca8d6219835e3
b83660c0c86dfb98","name":"peduz91","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/12\/gp-100x100.jpg","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/12\/gp-100x100.jpg","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/12\/gp-100x100.jpg","caption":"peduz91"},"description":"I am a software developer with a strong passion for development, technology, soccer and chess. I always like to challenge myself, I often try new things. I think the most important thing is to work well with the team.","sameAs":["https:\/\/www.linkedin.com\/in\/giuseppe-pedull-68ab8274\/","https:\/\/x.com\/peduz91"],"url":"https:\/\/www.codemotion.com\/magazine\/author\/peduz91\/"}]}},"featured_image_src":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-600x400.webp","featured_image_src_square":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-600x600.webp","author_info":{"display_name":"peduz91","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/peduz91\/"},"uagb_featured_image_src":{"full":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp",1792,1024,false],"thumbnail":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding
-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-150x150.webp",150,150,true],"medium":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-300x171.webp",300,171,true],"medium_large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-768x439.webp",768,439,true],"large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-1024x585.webp",1024,585,true],"1536x1536":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-1536x878.webp",1536,878,true],"2048x2048":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed.webp",1792,1024,false],"small-home-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-100x100.webp",100,100,true],"sidebar-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025
-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-180x128.webp",180,128,true],"genesis-singular-images":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-896x504.webp",896,504,true],"archive-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-400x225.webp",400,225,true],"gb-block-post-grid-landscape":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-600x400.webp",600,400,true],"gb-block-post-grid-square":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/01\/DALL\u00b7E-2025-02-06-12.08.45-A-visually-appealing-digital-illustration-of-a-Java-developer-coding-securely.-The-scene-features-a-programmer-working-on-a-laptop-with-code-displayed-600x600.webp",600,600,true]},"uagb_author_info":{"display_name":"peduz91","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/peduz91\/"},"uagb_comment_info":0,"uagb_excerpt":"In the cybersecurity landscape, Cross-Site Scripting (XSS) is one of the most common and dangerous vulnerabilities that can undermine the security of a web application. 
Having explored SQL Injection in the first article of our series, we now focus on XSS, examining its risks and the strategies for preventing it by writing secure code&#8230;&hellip;","lang":"it","_links":{"self":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/31491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/users\/218"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/comments?post=31491"}],"version-history":[{"count":3,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/31491\/revisions"}],"predecessor-version":[{"id":31962,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/31491\/revisions\/31962"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media\/31958"}],"wp:attachment":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media?parent=31491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/categories?post=31491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/tags?post=31491"},{"taxonomy":"collections","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/collections?post=31491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}