Difference between revisions of "GPC Project Details/OWASP Enterprise Security API"

From OWASP
Jump to: navigation, search
m (Removing myself from the project.)
 
(11 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
| project_name = OWASP Enterprise Security API
 
| project_name = OWASP Enterprise Security API
| project_description =
+
| project_description = ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:
| project_license =
+
 
| leader_name = Jeff Williams
+
* '''There is a set of security control interfaces.''' They define for example types of parameters that are passed to types of security controls.
| leader_email =
+
 
| leader_username = Jeff_Williams
+
* '''There is a reference implementation for each security control.''' The logic is not organization‐specific and the logic is not application‐specific. An example: string‐based input validation.
| past_leaders_special_contributions =  
+
 
| maintainer_name =
+
* '''There are optionally your own implementations for each security control.''' There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.
 +
| project_license = [http://en.wikipedia.org/wiki/BSD_license BSD license]
 +
| leader_name =Chris Schmidt
 +
| leader_email = chris.schmidt@owasp.org
 +
| leader_username = Chris_Schmidt
 +
| past_leaders_special_contributions = Jeff Williams, Dave Wichers
 +
| maintainer_name =  
 
| maintainer_email =  
 
| maintainer_email =  
| maintainer_username =  
+
| maintainer_username =
| contributor_name1 =  
+
| contributor_name1 = Kevin Wall
 
| contributor_email1 =  
 
| contributor_email1 =  
 
| contributor_username1 =  
 
| contributor_username1 =  
Line 16: Line 22:
 
| contributor_email2 =  
 
| contributor_email2 =  
 
| contributor_username2 =  
 
| contributor_username2 =  
| contributor_name3 =  
+
| contributor_name3 = Jeff Williams
 
| contributor_email3 =  
 
| contributor_email3 =  
 
| contributor_username3 =  
 
| contributor_username3 =  
| contributor_name4 =  
+
| contributor_name4 = Dave Wichers
 
| contributor_email4 =  
 
| contributor_email4 =  
 
| contributor_username4 =  
 
| contributor_username4 =  
| contributor_name5 =  
+
| contributor_name5 = John Steven
 
| contributor_email5 =  
 
| contributor_email5 =  
 
| contributor_username5 =  
 
| contributor_username5 =  
Line 43: Line 49:
 
| presentation_link = http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt
 
| presentation_link = http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt
 
| mailing_list_name = esapi-user
 
| mailing_list_name = esapi-user
| links_url1 =
+
| links_url1 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Downloads
| links_name1 = ESAPI for Java EE
+
| links_name1 = General ESAPI information
| links_url2 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Java_EE
+
| links_url2 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API/Sub-Projects
| links_name2 = ESAPI for .NET
+
| links_name2 = ESAPI/Sub-Projects
| links_url3 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=.NET
+
| links_name3 = ESAPI for Classic ASP
+
| links_url4 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Classic_ASP
+
| links_name4 = ESAPI for PHP
+
| links_url5 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=PHP
+
| links_name5 = ESAPI for ColdFusion/CFML
+
| links_url6 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML
+
| links_name6 = ESAPI for Python
+
| links_url7 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Python
+
| links_name7 = ESAPI for JavaScript
+
| links_url8 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=JavaScript
+
| links_name8 = ESAPI for Haskell
+
| links_url9 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Haskell
+
| links_name9 =
+
| links_url10 =
+
| links_name10 =
+
 
| project_road_map =  
 
| project_road_map =  
 
| project_health_status =  
 
| project_health_status =  

Latest revision as of 14:39, 24 March 2012

PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Enterprise Security API

Purpose: ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:

  • There is a set of security control interfaces. They define for example types of parameters that are passed to types of security controls.
  • There is a reference implementation for each security control. The logic is not organization‐specific and the logic is not application‐specific. An example: string‐based input validation.
  • There are optionally your own implementations for each security control. There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.

License: BSD license

who is working on this project?
Project Leader: Chris Schmidt @

Project Maintainer:

Project Contributor(s):

  • Kevin Wall
  • Jeff Williams
  • Dave Wichers
  • John Steven
how can you learn more?
Project Pamphlet: View

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Chris Schmidt @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.