ESAPI Charter

From OWASP
Revision as of 08:41, 10 December 2008 by Jeff Williams (Talk | contribs)

Jump to: navigation, search

ESAPI Charter

The goal of the OWASP ESAPI Project is to ensure that "strong simple security controls are available to every developer in every environment."

1) Strong - strong controls do not contain vulnerabilities and provide complete protection against the threats they were designed for.

2) Simple - controls that are not easy to use will most likely be misused by developers and create vulnerability

3) Available - controls are available if they are present in the developer's environment in a way that makes them easy and obvious to use. The goal of the ESAPI project is not to replace good security controls that are already available in programming environments. Nor is it our goal to make developers access security controls directly. It's even better if the controls are already present or are integrated into a framework in a way that is invisible or automatic to developers.

4) Every Developer - It is difficult to imagine a developer that does not need a set of basic security controls in their environment, from students to senior architects.

5) Every Environment - Our initial target is server-side web environments, then we plan to extend to both web service environments and client side frameworks, and eventually other non-web programming environments.