Difference between revisions of "OWASP/Training/OWASP ESAPI"

Line 16: Line 16:
| Material =  
| Material =  
* Data sheet ([http://www.owasp.org/images/8/81/Esapi-datasheet.pdf PDF], [http://www.owasp.org/images/3/32/Esapi-datasheet.doc Word])
* Project presentation ([http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt PowerPoint])
* ESAPI Project presentation ([http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt PowerPoint])
* Video presentation ([http://www.youtube.com/watch?v=QAPD1jPn04g YouTube])
* ESAPI Video presentation ([http://www.youtube.com/watch?v=QAPD1jPn04g YouTube])
* ESAPI Data sheet ([http://www.owasp.org/images/8/81/Esapi-datasheet.pdf PDF], [http://www.owasp.org/images/3/32/Esapi-datasheet.doc Word])

Revision as of 17:18, 14 April 2010

OWASP Enterprise Security API
Overview & Goal
ESAPI is a set of enterprise security APIs for remediating the OWASP Top 10 vulnerabilities. It provides a generic API for each of these vulnerabilities, so it is a good place for application developers to see how a specific issue can be remediated. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications, and they also serve as a solid foundation for new development.
Contents Materials

All OWASP ESAPI language versions have the same basic design:

  • There is a set of security control interfaces. They define, for example, the types of parameters that are passed to each type of security control.
  • There is a reference implementation for each security control. Its logic is neither organization-specific nor application-specific. An example: string-based input validation.
  • Optionally, there are your own implementations for each security control. These classes may contain application logic developed by or for your organization. An example: enterprise authentication.
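The three layers above can be illustrated with a small self-contained model of one security control, input validation. The code below is an added example written for this page; it is not ESAPI's own code and does not use the ESAPI library. The names `Validator`, `DefaultValidator`, `AcmeValidator`, the rule table and the `validator()` locator are all assumptions chosen to mirror the interface / reference implementation / organization-specific implementation split; the regexes and the `ACME-` employee ID format are constructed sample rules.

```python
import re
from abc import ABC, abstractmethod


class ValidationException(Exception):
    """Raised when untrusted input fails an allow-list rule."""


# Layer 1: the security control interface. Application code depends only on
# this, so the implementation behind it can be swapped without touching callers.
class Validator(ABC):
    @abstractmethod
    def get_valid_input(self, context: str, value: str, type_name: str,
                        max_length: int, allow_null: bool = False) -> str:
        """Return `value` if it satisfies the named allow-list rule, else raise."""

    def is_valid_input(self, context: str, value: str, type_name: str,
                       max_length: int, allow_null: bool = False) -> bool:
        """Boolean convenience wrapper over get_valid_input()."""
        try:
            self.get_valid_input(context, value, type_name, max_length, allow_null)
            return True
        except ValidationException:
            return False


# Layer 2: the reference implementation. Generic, string-based allow-list
# validation with no knowledge of any particular organization or application.
class DefaultValidator(Validator):
    # Constructed sample rule set; a real deployment would load this from configuration.
    RULES = {
        "SafeString": re.compile(r"^[A-Za-z0-9 .,_-]*$"),
        "Email": re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"),
    }

    def get_valid_input(self, context, value, type_name, max_length, allow_null=False):
        if value is None or value == "":
            if allow_null:
                return ""
            raise ValidationException(f"{context}: required value missing")
        # Check length before the regex so oversized input cannot drive the matcher.
        if len(value) > max_length:
            raise ValidationException(f"{context}: length {len(value)} exceeds {max_length}")
        rule = self.RULES.get(type_name)
        if rule is None:
            # Unknown rule names fail closed rather than silently accepting input.
            raise ValidationException(f"{context}: unknown validation type {type_name!r}")
        # fullmatch() requires the whole string to match; a trailing newline is rejected.
        if not rule.fullmatch(value):
            raise ValidationException(f"{context}: input does not match {type_name}")
        return value


# Layer 3: an organization-specific implementation of the same interface.
# It inherits the generic rules and adds one that only this organization needs.
class AcmeValidator(DefaultValidator):
    RULES = dict(DefaultValidator.RULES)
    RULES["EmployeeId"] = re.compile(r"^ACME-\d{6}$")  # hypothetical corporate ID format


# A locator in the spirit of ESAPI's static accessor pattern (assumption): the
# application asks for "the" validator and gets whichever implementation was configured.
_current_validator: Validator = DefaultValidator()


def set_validator(impl: Validator) -> None:
    global _current_validator
    _current_validator = impl


def validator() -> Validator:
    return _current_validator


def validate_signup_form(form: dict) -> dict:
    """Application code: validates a constructed sign-up form through the interface only."""
    v = validator()
    return {
        "display_name": v.get_valid_input("display_name", form.get("display_name"), "SafeString", 40),
        "email": v.get_valid_input("email", form.get("email"), "Email", 254),
        "employee_id": v.get_valid_input("employee_id", form.get("employee_id"), "EmployeeId", 11, allow_null=True),
    }


if __name__ == "__main__":
    set_validator(AcmeValidator())
    print(validate_signup_form({"display_name": "Ada Lovelace",
                                "email": "ada@example.com",
                                "employee_id": "ACME-000123"}))
```

Note that `validate_signup_form` works unchanged with either implementation; only the configured `AcmeValidator` understands the `EmployeeId` rule, while `DefaultValidator` rejects it as an unknown type, which is the fail-closed behaviour a reference implementation should have.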