OWASP AppSec DC 2012/Enterprise Security API ESAPI for C Plus Plus
Revision as of 15:55, 2 March 2012 by Mark.bristow
ESAPI is a free, open source, application security control library that makes it easier for programmers to write lower-risk applications. This presentation will give background on the ESAPI project as a whole, and focus on the C++ specific version. The initial ESAPI for C++ release is planned to happen in April 2012 and will be cross-platform, and compiler agnostic.
-ESAPI Project Overview -ESAPI for C Plus Plus -Integrating Security Controls (DEMO) -ESAPI Future (3.0)
The ESAPI Project Overview will summarize what an Enterprise Security API is, why it is needed, and how it is meant to be incorporated into an application architecture.
Why is building an ESAPI for C++ necessary and relevent to developers? What approach has been taken to building the C++ API, and how does this relate to other ESAPI projects? Lots of thought has been put into the architecture and libraries that are being used in the ESAPI for C++. This presentation will provide details on the project and it's current state, as well as future plans, and how to get involved.
Integrating Security Controls will be a short demonstration on how to use the ESAPI for C++ to add security to a vulnerable application.
The ESAPI project is continuing to evolve and there are exciting plans for the 3.0 specification. This will include an ESAPI Community, a Pluggable Architecture, and lots of Documentation and Tutorials.