This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Enterprise Security API"
| Line 44: | Line 44: | ||
There is also quite a bit of information in the javadoc documentation for the project, and the installation and build guide. | There is also quite a bit of information in the javadoc documentation for the project, and the installation and build guide. | ||
| + | |||
| + | [[Category:OWASP Download]] | ||
| + | [[Category:OWASP Project]] | ||
| + | [[__NOTOC__]] | ||
Revision as of 19:02, 20 January 2008
OWASP Enterprise Security API (ESAPI) Project
The ESAPI is a collection of all the security methods that a developer needs to build a secure web application. You can just use the interfaces and build your own implementation using your company's infrastructure. Or, you can use the reference implementation as a starting point.
Unfortunately, the available platforms, frameworks, and toolkits (Java EE, Struts, Spring, etc...) simply do not provide enough protection. This leaves developers with responsibility for designing and building security mechanisms. This reinventing the wheel for every application leads to wasted time and massive security holes.
The ESAPI architecture is very simple, just a collection of classes that encapsulate the key security operations most applications need.
- Code repository (subversion): http://code.google.com/p/owasp-esapi-java/
- Report issues: http://code.google.com/p/owasp-esapi-java/issues/list
Architecture
The ESAPI covers most of the key security challenges facing application developers. ESAPI provides the capability for developers to create applications that are protected against almost all of the risks described in the OWASP Top Ten. Compare this coverage with automated scanning and static analysis tools, and then consider how your time is best spent.
There are two key parts to the ESAPI:
- A set of interfaces
- A reference implementation
By using the ESAPI, applications across an organization will be easier to develop, more consistent, and easier to update in a single place. The use of the ESAPI will make it much easier for static analysis tools to verify an application, as the ESAPI calls can be built into the ruleset.
Join the OWASP ESAPI mailing list and help make ESAPI better!
Download Now
This release is the first public release and will undoubtably undergo significant revision over the coming months. We are seeking organizations willing to pilot this ESAPI and work with us to make this library better. Please contact [email protected] for more information.
Documentation
Lots more information in the PowerPoint presentation contained in the documentation folder in the full release zip file.
There is also quite a bit of information in the javadoc documentation for the project, and the installation and build guide.[[]]
Pages in category "OWASP Enterprise Security API"
The following 27 pages are in this category, out of 27 total.
C
E
- EASPI
- ESAPI Swingset
- ESAPI
- ESAPI Access Control
- ESAPI ClassicASP Readme
- ESAPI ColdFusion CFML Readme
- ESAPI Contributions
- ESAPI DotNET Readme
- ESAPI Javadocs
- ESAPI JavaScript Readme
- ESAPI Mapping
- ESAPI Plan
- ESAPI Python Readme
- ESAPI Secure Coding Guideline
- ESAPI Specification
- ESAPI Summit
- ESAPI-Building
- ESAPI-BuildingWithEclipse
