This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

GPC Project Details/OWASP Enterprise Security API

From OWASP
Revision as of 18:24, 8 September 2017 by Kevin W. Wall (talk | contribs) (Update ESAPI project leaders.)

Jump to: navigation, search
PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Enterprise Security API

Purpose: ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:

  • There is a set of security control interfaces. They define for example types of parameters that are passed to types of security controls.
  • There is a reference implementation for each security control. The logic is not organization‐specific and the logic is not application‐specific. An example: string‐based input validation.
  • There are optionally your own implementations for each security control. There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.

License: BSD license

who is working on this project?
Project Leader: Kevin W. Wall and Matt Seil @

Project Maintainer:

Project Contributor(s):

how can you learn more?
Project Pamphlet: View

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Kevin W. Wall and Matt Seil @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.