OWASP AppSec DC 2012/Enterprise Security API ESAPI for C Plus Plus
ESAPI is a free, open source application security control library that makes it easier for programmers to write lower-risk applications. This presentation will give background on the ESAPI project as a whole and focus on the C++-specific version. The initial ESAPI for C++ release is planned for April 2012 and will be cross-platform and compiler-agnostic.
- ESAPI Project Overview
- ESAPI for C Plus Plus
- Integrating Security Controls (DEMO)
- ESAPI Future (3.0)
The ESAPI Project Overview will summarize what an Enterprise Security API is, why it is needed, and how it is meant to be incorporated into an application architecture.
Why is building an ESAPI for C++ necessary and relevant to developers? What approach has been taken to building the C++ API, and how does this relate to other ESAPI projects? Lots of thought has been put into the architecture and libraries that are being used in the ESAPI for C++. This presentation will provide details on the project and its current state, as well as future plans and how to get involved.
Integrating Security Controls will be a short demonstration of how to use the ESAPI for C++ to add security to a vulnerable application.
The ESAPI project is continuing to evolve, and there are exciting plans for the 3.0 specification. This will include an ESAPI Community, a Pluggable Architecture, and lots of Documentation and Tutorials.
Dan Amodio is a Security Engineer at Aspect Security, where he provides application security services to a variety of clients. His experience spans a wide variety of IT departments, including software development, penetration testing, code review, architecture review, and hardware and software technical support, along with active participation in The Open Web Application Security Project (OWASP). Dan has over ten years of programming experience in a variety of languages.
Outside of work, Dan enjoys spending time with his wife and daughter. He is a longtime musician, and exercises his attention to detail through performing, recording and sound engineering.