Difference between revisions of "ESAPI Swingset"

From OWASP
(Download/Run)
 
(39 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
==== Main ====
 +
 
The ESAPI Swingset is a web application which demonstrates the many uses of the Enterprise Security API ([[ESAPI]]).
 
The ESAPI Swingset is a web application which demonstrates the many uses of the Enterprise Security API ([[ESAPI]]).
  
Swingset is now in beta stage.  Much of Swingset is still incomplete, but many ESAPI functions are working.
 
 
==Download/Run==
 
==Download/Run==
This Swingset/Apache Tomcat bundle contains everything you need to get Swingset up and running in a matter of minutes.  No installation is necessary (assuming you have a Java JRE or JDK installed), just edit one line of a batch file or shell script and you're ready to go!
 
  
'''Downloads
+
'''ESAPI Swingset INTERACTIVE'''
  
Note: Version 04b require SSL for the login demo page.  Instructions are included in the version of 04b bundled with Tomcat.  If you do not know how/do not want to set up SSL on your own, it is recommended that you download the ESAPI Swingset 04b bundled with Apache Tomcat below.  In the root directory of the .zip file, there is a README with very simple instructions for setting up SSL for this application. A .keystore file is provided, so user's will not have to generate their own keys.
+
The ESAPI Swingset INTERACTIVE is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI library and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities.
  
Be aware, in some browsers, navigating to the login page will provide a warning that the digital signature provided may not be legitimate.  The certificate provided is self-signed for demonstration purposes.  The warning can safely be ignored for this page.  More detailed information will follow in the coming weeks.'''
+
*'''All ESAPI Swingset INTERACTIVE downloads are hosted on the [http://code.google.com/p/owasp-esapi-swingset-interactive/ Google Code site]. You can find the latest downloads for the project [http://code.google.com/p/owasp-esapi-swingset-interactive/downloads/list here].'''
 
+
===ESAPI Swingset/Apache Tomcat Bundle===
+
*[[http://owasp-esapi-java-swingset.googlecode.com/files/Swingset__with_tomcat_04b.zip ESAPI Swingset 04b bundled with Apache Tomcat]]
+
Added: October 31, 2008
+
 
+
'''What is included in this download?'''
+
 
+
This download includes:
+
*Apache Tomcat version 6.0.18
+
*ESAPI Swingset application
+
*Batch file for easy loading of Apache Tomcat in Windows
+
*Readme file with easy setup instructions
+
*Shell script for easy loading of Apache Tomcat in Unix will be bundled soon
+
*Everything you need to try Swingset
+
 
+
===ESAPI Swingset Source Code===
+
*[[http://owasp-esapi-java-swingset.googlecode.com/files/ESAPI_Swingset_04b.zip ESAPI Swingset 04b Source Code]]
+
Added: October 31, 2008
+
 
+
'''What is included in this download?'''
+
 
+
This download includes:
+
*All ESAPI Swingset source files
+
 
+
===ESAPI Swingset WAR file===
+
*[[http://owasp-esapi-java-swingset.googlecode.com/files/ESAPI_Swingset_04b.war ESAPI Swingset 04b WAR file]]
+
Added: October 31, 2008
+
 
+
'''What is included in this download?'''
+
 
+
This download includes:
+
*The ESAPI Swingset WAR file -- just drop it in your Apache Tomcat Webapps directory and you're ready to go
+
Note: the Secure Login page requires SSL be configured on your web server!
+
 
+
==Download the JRE or JDK==
+
If it is not already installed, please download a Java JRE or JDK version 5 or later. 
+
Please note that, Tomcat 5.5 and above uses the Eclipse JDT Java compiler for compiling
+
JSP pages.  This means you no longer need to have the complete
+
Java Development Kit (JDK) to run Tomcat, but a Java Runtime Environment
+
(JRE) is sufficient.
+
*The Java JRE is available [http://java.com/en/download/ here]
+
*The Java JDK is available [http://java.sun.com/javase/downloads/index.jsp here]
+
 
+
==Setup and Run Swingset==
+
===Setup Swingset for Windows===
+
#Extract ESAPI_Swingset.zip to a directory of your choice.
+
#Open Windows Explorer and Navigate to the directory to which ESAPI_Swingset.zip was extracted
+
#Open Tomcat_6.0.18_start.bat with notepad
+
#Set either of the two, JRE_HOME or JAVA_HOME enviornment variable for Tomcat to run.
+
#Save the file
+
 
+
:* To set JAVA_HOME environment variable.  You need to change the line "set JAVA_HOME=jdk_directory" to your Java install directory, where "jdk_directory" is the root of your  Java directory. For many, the line will look like: "set JAVA_HOME=C:\Program Files\Java\jdk1.6.0_10". Please remember that Swingset requires JDK/JRE version 5 or  higher.
+
:* To set JRE_HOME change the "JRE_HOME=C:\Program Files\Java\jre1.6.0_10" so that it points to your JRE installation directory
+
 
+
===Running Swingset on Windows===
+
#Navigate to the ESAPI_Swingset directory
+
#Execute Tomcat_6.0.18_start.bat.  This can be done through the command line or by double clicking the file.
+
#If you followed the installation instructions in this wiki, Tomcat should now be running
+
#Open a web browser and navigate to [http://localhost:8080/main http://localhost:8080/main]
+
#You should see the ESAPI Swingset start page
+
  
 
==How Can I help with Swingset==
 
==How Can I help with Swingset==
The ESAPI Swingset is still in an early beta stage.  Many pages within Swingset are still incomplete, and we could certainly use some help getting them finished.  If you are interested in helping, please check out Swingset's [[http://code.google.com/p/owasp-esapi-java-swingset/source/checkout SVN repository]].
+
The ESAPI Swingset is still in an early beta stage.  Many pages within Swingset are still incomplete, and we could certainly use some help getting them finished.  If you are interested in helping, please see [[Building_ESAPI_Swingset|this page]] for instructions on how to download and build the latest SVN version of the Swingset.
  
If you have any ideas for how the ESAPI Swingset could be better, or if you would like to submit new code, please contact [[User:Jeff Williams|Jeff Williams]].
+
If you have any ideas for how the ESAPI Swingset could be better, or if you would like to submit new code, please contact any of the project leaders.
  
 
==Project Sponsors==  
 
==Project Sponsors==  
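Review bot: the rewritten Download/Run section in this hunk leaves the reader with two links and no prerequisites. The lines stating "please download a Java JRE or JDK version 5 or later" and "Note: the Secure Login page requires SSL be configured on your web server!" do not appear in the latest revision rendered further down the page. If Swingset INTERACTIVE has the same requirements, keep a one-line prerequisites note here or say where they are documented. In the bullet beginning "All ESAPI Swingset INTERACTIVE downloads", both links are plain http:// and the second is labelled only "here"; for a page that hands out a runnable application, use descriptive link text and an HTTPS URL where the host serves one.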
Line 80: Line 20:
 
[http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif]
 
[http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif]
  
[[Category: OWASP Download]]
+
The OWASP ESAPI Swingset Interactive project is sponsored by
[[Category: OWASP Project]]
+
[http://www.cycubix.com https://www.owasp.org/images/1/11/Cycubix2_small.png]
[[Category: OWASP Enterprise Security API]]
+
==== Project About - Swingset Interactive ====
 +
{{:Projects/OWASP ESAPI Swingset Interactive Project | Project About}}
 +
 
 +
__NOTOC__ <headertabs />
 +
[[Category:OWASP Download]]
 +
[[Category:OWASP Project|ESAPI_Swingset_Project]]
 +
[[Category:OWASP Tool]]
 +
[[Category:OWASP Enterprise Security API|Enterprise Security API]]
 +
[[Category:OWASP_Alpha_Quality_Tool]]
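Review bot: the category [[Category:OWASP_Alpha_Quality_Tool]] at the end of this hunk disagrees with the body text in the first hunk, which still reads "The ESAPI Swingset is still in an early beta stage"; pick one maturity label and use it in both places. The category name is also written with underscores while the other category lines in this hunk use spaces ("OWASP Download", "OWASP Tool"), so write them all the same way.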

Latest revision as of 10:11, 23 May 2012

Main

The ESAPI Swingset is a web application which demonstrates the many uses of the Enterprise Security API (ESAPI).

Download/Run

ESAPI Swingset INTERACTIVE

The ESAPI Swingset INTERACTIVE is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI library and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities.

  • All ESAPI Swingset INTERACTIVE downloads are hosted on the Google Code site. You can find the latest downloads for the project here.

How Can I help with Swingset

The ESAPI Swingset is still in an early beta stage. Many pages within Swingset are still incomplete, and we could certainly use some help getting them finished. If you are interested in helping, please see this page for instructions on how to download and build the latest SVN version of the Swingset.

If you have any ideas for how the ESAPI Swingset could be better, or if you would like to submit new code, please contact any of the project leaders.

Project Sponsors

The OWASP ESAPI project is sponsored by Aspect_logo.gif

The OWASP ESAPI Swingset Interactive project is sponsored by Cycubix2_small.png

Project About - Swingset Interactive

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP ESAPI Swingset Interactive Project (home page)
Purpose:
  • This is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library.
  • The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI library and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities.
License: BSD license
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
ESAPI Swingset Interactive - July, 2nd 2010 - (download)
Release description:
  • This is a customised version of the OWASP SwingSet Application.
  • In addition to demonstrating the features of the ESAPI library, we felt it would be useful for developers to work out labs where they are presented with common security vulnerabilities and use ESAPI to resolve the issues. We tried to cover as many of the OWASP Top 10 as possible in the labs and changed the grouping of the chapters to map to ASVS verification requirements. We were conscious of the fact that the OWASP Web Goat application already demonstrates the OWASP Top 10 vulnerabilities, but felt that this version of SwingSet could offer developers a chance to learn how to code to prevent these vulnerabilities while using ESAPI.
  • Would be very interested to hear any feedback.
Rating: Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases