OWASP AppSec DC 2012/Enterprise Security API ESAPI for C Plus Plus

Revision as of 01:01, 12 March 2012 by Mark.bristow


The Presentation

OWASP Enterprise Security API (ESAPI) for C Plus Plus
ESAPI is a free, open source, application security control library that makes it easier for programmers to write lower-risk applications. This presentation will give background on the ESAPI project as a whole and focus on the C++-specific version. The initial ESAPI for C++ release is planned for April 2012 and will be cross-platform and compiler-agnostic.
Key points:
- ESAPI Project Overview
- ESAPI for C Plus Plus
- Integrating Security Controls (DEMO)
- ESAPI Future (3.0)
The ESAPI Project Overview will summarize what an Enterprise Security API is, why it is needed, and how it is meant to be incorporated into an application architecture.
Why is building an ESAPI for C++ necessary and relevant to developers? What approach has been taken to building the C++ API, and how does this relate to other ESAPI projects? A lot of thought has gone into the architecture and libraries used in ESAPI for C++. This presentation will provide details on the project and its current state, as well as future plans and how to get involved.
Integrating Security Controls will be a short demonstration of how to use ESAPI for C++ to add security to a vulnerable application.
The ESAPI project is continuing to evolve and there are exciting plans for the 3.0 specification. This will include an ESAPI Community, a Pluggable Architecture, and lots of Documentation and Tutorials.

The Speakers

Dan Amodio

Dan Amodio is a Security Engineer at Aspect Security, where he provides application security services to a variety of clients. His experience spans a wide variety of IT departments to include software development, penetration testing, code review, architecture review, hardware and software technical support, along with active participation in The Open Web Application Security Project (OWASP). Dan has over ten years of programming experience in a variety of languages.

Outside of work, Dan enjoys spending time with his wife and daughter. He is a longtime musician, and exercises his attention to detail through performing, recording and sound engineering.
