PROJECT INFO What does this OWASP project offer you?
is this project?
OWASP Enterprise Security API
Purpose: Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. OWASP Enterprise Security API (ESAPI) Toolkits help software developers guard against security‐related design and implementation flaws. ESAPI is designed to make it easy to retrofit security into existing applications, as well as providing a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:
There is a set of security control interfaces. They define for example types of parameters that are passed to types of security controls.
There is a reference implementation for each security control. The logic is not organization‐specific and the logic is not application‐specific. An example: string‐based input validation.
There are optionally your own implementations for each security control. There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.