AppSecEU08 The OWASP ESAPI project

Revision as of 19:27, 15 April 2008 by Wichers (talk | contribs)


Title: Fundamental Application Security Building Blocks - The Benefits of Establishing an Enterprise Security API (ESAPI) for Your Organization

Nobody would trust the safety of a car built by people with no safety experience from parts they designed and made themselves or found lying around. Trying to build secure applications without solid vetted security controls is similarly impossible. To solve this problem, we have created the OWASP ESAPI project. In this talk, Dave Wichers will show you how to create an ESAPI for your organization that will solve the OWASP Top Ten vulnerabilities, give you something concrete to measure, and dramatically cut costs all at the same time.

The ESAPI is a free and open collection of all the security methods a developer needs to build a secure web application. You can use just the interfaces and build your own implementation on top of your company's infrastructure, or you can use the reference implementation as a starting point. In concept, the API is language-independent; however, the first deliverables from the project are a Java API and a Java reference implementation. Efforts to build ESAPI in .NET and PHP are already underway.

About the Speaker: Dave Wichers is a cofounder and Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. Dave is also a member of the OWASP board, is the OWASP Conferences Chair, and is a coauthor of the OWASP Top Ten. OWASP is a worldwide free and open community focused on improving the security of application software. Mr. Wichers has over 20 years of experience in the information security field and has focused exclusively on application security for the past 10 years. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Mr. Wichers holds Bachelor's and Master's degrees in Computer Science and is a CISSP and a CISM.