Difference between revisions of "GPC Project Details/OWASP Enterprise Security API"

From OWASP
Jump to: navigation, search
m
m (Removing myself from the project.)
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
| project_name = OWASP Enterprise Security API
 
| project_name = OWASP Enterprise Security API
| project_description = Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. '''OWASP Enterprise Security API (ESAPI) Toolkits''' help software developers guard against security‐related design and implementation flaws. ESAPI is designed to make it easy to retrofit security into existing applications, as well as providing a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:
+
| project_description = ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:
  
 
* '''There is a set of security control interfaces.''' They define for example types of parameters that are passed to types of security controls.  
 
* '''There is a set of security control interfaces.''' They define for example types of parameters that are passed to types of security controls.  
Line 9: Line 9:
 
* '''There are optionally your own implementations for each security control.''' There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.
 
* '''There are optionally your own implementations for each security control.''' There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.
 
| project_license = [http://en.wikipedia.org/wiki/BSD_license BSD license]
 
| project_license = [http://en.wikipedia.org/wiki/BSD_license BSD license]
| leader_name = Jeff Williams
+
| leader_name =Chris Schmidt
| leader_email = jeff.williams@owasp.org
+
| leader_email = chris.schmidt@owasp.org
| leader_username = Jeff_Williams
+
| leader_username = Chris_Schmidt
| past_leaders_special_contributions =  
+
| past_leaders_special_contributions = Jeff Williams, Dave Wichers
 
| maintainer_name =  
 
| maintainer_name =  
 
| maintainer_email =  
 
| maintainer_email =  
 
| maintainer_username =
 
| maintainer_username =
| contributor_name1 =  
+
| contributor_name1 = Kevin Wall
 
| contributor_email1 =  
 
| contributor_email1 =  
 
| contributor_username1 =  
 
| contributor_username1 =  
Line 22: Line 22:
 
| contributor_email2 =  
 
| contributor_email2 =  
 
| contributor_username2 =  
 
| contributor_username2 =  
| contributor_name3 =  
+
| contributor_name3 = Jeff Williams
 
| contributor_email3 =  
 
| contributor_email3 =  
 
| contributor_username3 =  
 
| contributor_username3 =  
| contributor_name4 =  
+
| contributor_name4 = Dave Wichers
 
| contributor_email4 =  
 
| contributor_email4 =  
 
| contributor_username4 =  
 
| contributor_username4 =  
| contributor_name5 =  
+
| contributor_name5 = John Steven
 
| contributor_email5 =  
 
| contributor_email5 =  
 
| contributor_username5 =  
 
| contributor_username5 =  
Line 51: Line 51:
 
| links_url1 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Downloads
 
| links_url1 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Downloads
 
| links_name1 = General ESAPI information
 
| links_name1 = General ESAPI information
| links_url2 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Java_EE
+
| links_url2 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API/Sub-Projects
| links_name2 = ESAPI for Java EE
+
| links_name2 = ESAPI/Sub-Projects
| links_url3 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=.NET
+
| links_name3 = ESAPI for .NET
+
| links_url4 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Classic_ASP
+
| links_name4 = ESAPI for Classic ASP
+
| links_url5 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=PHP
+
| links_name5 = ESAPI for PHP
+
| links_url6 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML
+
| links_name6 = ESAPI for ColdFusion/CFML
+
| links_url7 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Python
+
| links_name7 = ESAPI for Python
+
| links_url8 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=JavaScript
+
| links_name8 = ESAPI for JavaScript
+
| links_url9 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Haskell
+
| links_name9 = ESAPI for Haskell
+
| links_url10 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Ruby 
+
| links_name10 = ESAPI for Ruby
+
 
| project_road_map =  
 
| project_road_map =  
 
| project_health_status =  
 
| project_health_status =  

Latest revision as of 14:39, 24 March 2012

PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Enterprise Security API

Purpose: ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:

  • There is a set of security control interfaces. They define for example types of parameters that are passed to types of security controls.
  • There is a reference implementation for each security control. The logic is not organization‐specific and the logic is not application‐specific. An example: string‐based input validation.
  • There are optionally your own implementations for each security control. There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.

License: BSD license

who is working on this project?
Project Leader: Chris Schmidt @

Project Maintainer:

Project Contributor(s):

  • Kevin Wall
  • Jeff Williams
  • Dave Wichers
  • John Steven
how can you learn more?
Project Pamphlet: View

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Chris Schmidt @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.