This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "GPC Project Details/OWASP Enterprise Security API"

From OWASP
Jump to: navigation, search
m (Added Jeremiah Stacey as a contributor.)
 
(10 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
| project_name = OWASP Enterprise Security API
 
| project_name = OWASP Enterprise Security API
| project_description = Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. '''OWASP Enterprise Security API (ESAPI) Toolkits''' help software developers guard against security‐related design and implementation flaws. ESAPI is designed to make it easy to retrofit security into existing applications, as well as providing a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:
+
| project_description = ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:
  
 
* '''There is a set of security control interfaces.''' They define for example types of parameters that are passed to types of security controls.  
 
* '''There is a set of security control interfaces.''' They define for example types of parameters that are passed to types of security controls.  
Line 8: Line 8:
  
 
* '''There are optionally your own implementations for each security control.''' There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.
 
* '''There are optionally your own implementations for each security control.''' There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.
| project_license = [http://en.wikipedia.org/wiki/BSD_license BSD license]
+
| project_license =BSD license
| leader_name = Jeff Williams
+
| leader_name =Kevin W. Wall and Matt Seil
| leader_email = jeff.williams@owasp.org
+
| leader_email =kevin.w.wall@gmail.com
| leader_username = Jeff_Williams
+
| past_leaders_special_contributions =Jeff Williams, Dave Wichers, Chris Schmidt, Jim Manico
| past_leaders_special_contributions =  
+
| maintainer_name =
| maintainer_name = Mike Boberski
+
| maintainer_email =
| maintainer_email = [email protected]
+
| maintainer_username =
| maintainer_username = mike.boberski
+
| contributor_name1 = Jeremiah J. Stacey
| contributor_name1 =  
+
| contributor_email1 =
| contributor_email1 =  
+
| contributor_username1 =
| contributor_username1 =  
+
| contributor_name2 = Chris Schmidt
| contributor_name2 =  
+
| contributor_email2 = [email protected]
| contributor_email2 =  
+
| contributor_username2 = Chris_Schmidt
| contributor_username2 =  
+
| contributor_name3 =
| contributor_name3 =  
+
| contributor_email3 =
| contributor_email3 =  
+
| contributor_username3 =
| contributor_username3 =  
+
| contributor_name4 =Jeff Williams
| contributor_name4 =  
+
| contributor_email4 =
| contributor_email4 =  
+
| contributor_username4 =
| contributor_username4 =  
+
| contributor_name5 =Dave Wichers
| contributor_name5 =  
+
| contributor_email5 =
| contributor_email5 =  
+
| contributor_username5 =
| contributor_username5 =  
+
| contributor_name6 =John Steven
| contributor_name6 =  
+
| contributor_email6 =
| contributor_email6 =  
 
 
| contributor_username6 =  
 
| contributor_username6 =  
| contributor_name7 =  
+
 
| contributor_email7 =  
+
| contributor_name7 =
| contributor_username7 =  
+
| contributor_email7 =
| contributor_name8 =  
+
| contributor_username7 =
| contributor_email8 =  
+
| contributor_name8 =
| contributor_username8 =  
+
| contributor_email8 =
| contributor_name9 =  
+
| contributor_username8 =
| contributor_email9 =  
+
| contributor_name9 =
| contributor_username9 =  
+
| contributor_email9 =
| contributor_name10 =  
+
| contributor_username9 =
| contributor_email10 =  
+
| contributor_name10 =
| contributor_username10 =
+
| contributor_email10 =
 +
| contributor_username10 =
 +
|
 
| pamphlet_link = http://www.owasp.org/images/8/81/Esapi-datasheet.pdf
 
| pamphlet_link = http://www.owasp.org/images/8/81/Esapi-datasheet.pdf
 
| presentation_link = http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt
 
| presentation_link = http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt
Line 51: Line 52:
 
| links_url1 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Downloads
 
| links_url1 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Downloads
 
| links_name1 = General ESAPI information
 
| links_name1 = General ESAPI information
| links_url2 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Java_EE
+
| links_url2 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API/Sub-Projects
| links_name2 = ESAPI for Java EE
+
| links_name2 = ESAPI/Sub-Projects
| links_url3 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=.NET
 
| links_name3 = ESAPI for .NET
 
| links_url4 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Classic_ASP
 
| links_name4 = ESAPI for Classic ASP
 
| links_url5 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=PHP
 
| links_name5 = ESAPI for PHP
 
| links_url6 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML
 
| links_name6 = ESAPI for ColdFusion/CFML
 
| links_url7 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Python
 
| links_name7 = ESAPI for Python
 
| links_url8 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=JavaScript
 
| links_name8 = ESAPI for JavaScript
 
| links_url9 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Haskell
 
| links_name9 = ESAPI for Haskell
 
| links_url10 =
 
| links_name10 =
 
 
| project_road_map =  
 
| project_road_map =  
 
| project_health_status =  
 
| project_health_status =  

Latest revision as of 03:11, 29 May 2019

PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Enterprise Security API

Purpose: ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:

  • There is a set of security control interfaces. They define for example types of parameters that are passed to types of security controls.
  • There is a reference implementation for each security control. The logic is not organization‐specific and the logic is not application‐specific. An example: string‐based input validation.
  • There are optionally your own implementations for each security control. There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.

License: BSD license

who is working on this project?
Project Leader: Kevin W. Wall and Matt Seil @

Project Maintainer:

Project Contributor(s):

  • Jeremiah J. Stacey
  • Chris Schmidt @
  • Jeff Williams
  • Dave Wichers
  • John Steven
how can you learn more?
Project Pamphlet: View

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Kevin W. Wall and Matt Seil @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.