This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.

OWASP ESOP Framework


  • (Amber: Please add content as you find best. Thanks, Paulo Coimbra)

Project About

What does this OWASP project offer you?
What releases are available for this project?
What is this project?
Name: OWASP Enhancing Security Options Framework (ESOP Framework) (home page)
Purpose: The purpose of the framework is to provide a security layer to a given web application / web site via a web service, which can use the functions / modules to protect the site from the following vulnerabilities:
  1. Remote code execution
  2. SQL injection
  3. Format string vulnerabilities
  4. Cross Site Scripting (XSS)
  5. Session hacking
  6. Denial of service (DoS) attacks
  7. Eavesdropping / Sniffing / Phishing
  8. Identity Spoofing
  9. Man-in-the-Middle Attacks
  10. Username enumeration
    1. Instrumentation & Audits for:
      1. Critical Business Areas
      2. User Management
      3. Unusual activities
      4. Interfaces Integrations
  11. IIS Tweaks
  12. Password Policy
License: GNU GPL V3.0
Who is working on this project?
Project Leader(s):
How can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
current release
Release Road Map for the ESOP Framework:

1. Wave 1: Documentation and Wireframe of the service framework
2. Wave 2: Class and design diagram framework
3. Wave 3: Development of the framework
    1. Application layer development
    2. Data layer development
4. Wave 4: Integration
5. Wave 5: Alpha Testing
6. Wave 6: Beta Testing
7. Release & Publish
4. Project links (if any) to external sites: N.A.
5. Project License: GNU GPL V3.0

last reviewed release
Not Yet Reviewed

other releases