GPC Project Details/OWASP Enterprise Security API

From OWASP
Revision as of 16:32, 30 September 2010 by Jmanico (Talk | contribs)

Jump to: navigation, search
PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Enterprise Security API

Purpose: Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. OWASP Enterprise Security API (ESAPI) Toolkits help software developers guard against security‐related design and implementation flaws. ESAPI is designed to make it easy to retrofit security into existing applications, as well as providing a solid foundation for new development. Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:

  • There is a set of security control interfaces. They define for example types of parameters that are passed to types of security controls.
  • There is a reference implementation for each security control. The logic is not organization‐specific and the logic is not application‐specific. An example: string‐based input validation.
  • There are optionally your own implementations for each security control. There may be application logic contained in these classes which may be developed by or for your organization. An example: enterprise authentication.

License: BSD license

who is working on this project?
Project Leader: Jeff Williams @

Project Maintainer: Jim Manico @

Project Contributor(s):

  • Chris Schmidt
  • Kevin Wall
how can you learn more?
Project Pamphlet: View

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Jeff Williams @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.