Difference between revisions of "Project Information: OWASP Enterprise Security API Project"

From OWASP
Jump to: navigation, search
Line 8: Line 8:
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
'''What ESAPI is?''' The ESAPI is a free and open collection of all the security methods that a developer needs to build a secure web application. You can just use the interfaces and build your own implementation using your company's infrastructure. Or, you can use the reference implementation as a starting point. In concept, the API is language independent. However, the first deliverables from the project are a Java API and a Java reference implementation. Efforts to build ESAPI in .NET and PHP are already underway.
+
Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The '''OWASP Enterprise Security API (ESAPI) Toolkits''' help software developers guard against security-related design and implementation flaws. The ESAPI Toolkit architecture is very simple – a collection of classes that encapsulate the key security operations most applications need. ESAPI is designed to make it easy to retrofit security into existing applications, as well as providing a solid foundation for new development. ESAPI comes with an ESAPI filter that minimizes the changes required to your base application. There are ESAPI Toolkits for the following platforms:
 +
* '''Java EE''' - This version of the ESAPI Toolkit is currently available.
 +
* '''.NET''' - This version of the ESAPI Toolkit is currently under development.
 +
* '''PHP''' - This version of the ESAPI Toolkit is currently under development.
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|
 
  | style="width:15%; background:#7B8ABD" align="center"|
Line 32: Line 35:
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
 
Provisory '''[[:Category:OWASP Project Assessment#Release Quality Tool Criteria|Release Quality]]'''<br>(Waiting for Second Reviewer's assessment)<br>[[:OWASP Enterprise Security API Project - Assessment Frame|Please see here for complete information.]]
 
Provisory '''[[:Category:OWASP Project Assessment#Release Quality Tool Criteria|Release Quality]]'''<br>(Waiting for Second Reviewer's assessment)<br>[[:OWASP Enterprise Security API Project - Assessment Frame|Please see here for complete information.]]
  | style="width:42%; background:#cccccc" align="center"|
+
  | style="width:42%; background:#cccccc" align="left"|
[http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20Overview.pptx ESAPI PowerPoint presentation]<br>[http://www.youtube.com/watch?v=QAPD1jPn04g ESAPI Video presentation]<br>ESAPI Demo application - [[ESAPI_Swingset|The ESAPI Swingset]]<br>JAVA 1.4 compatible JAR for ESAPI v1.4 - [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar Complete] & [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar Basic] JAR files<br>[http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip Source files for ESAPI v1.4]<br>[http://code.google.com/p/owasp-esapi-java/ ESAPI Google Code repository]<br>[http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html ESAPI Javadocs]<br>[https://www.owasp.org/index.php/ESAPI_Javadocs Javadocs' information generation]<br>[http://code.google.com/p/owasp-esapi-java/issues/list Problems with the ESAPI may be reported here]
+
* [http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20Overview.pptx ESAPI PowerPoint presentation]<br>
 +
* [http://www.youtube.com/watch?v=QAPD1jPn04g ESAPI Video presentation]<br>
 +
* ESAPI Demo application - [[ESAPI_Swingset|The ESAPI Swingset]]<br>
 +
* JAVA 1.4 compatible JAR for ESAPI v1.4 - [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar Complete] & [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar Basic] JAR files<br>
 +
* [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip Source files for ESAPI v1.4]<br>
 +
* [http://code.google.com/p/owasp-esapi-java/ ESAPI Google Code repository]<br>
 +
* [http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html ESAPI Javadocs]<br>
 +
* [https://www.owasp.org/index.php/ESAPI_Javadocs Javadocs' information generation]<br>
 +
* [http://code.google.com/p/owasp-esapi-java/issues/list Problems with the ESAPI may be reported here]
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
[[Top Ten|OWASP Top Ten]]
+
[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten]<br>[http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP ASVS Project]
 
  |}
 
  |}
 
----
 
----

Revision as of 22:54, 3 March 2009


PROJECT INFORMATION
Project Name OWASP Enterprise Security API (ESAPI) Project
Short Project Description

Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OWASP Enterprise Security API (ESAPI) Toolkits help software developers guard against security-related design and implementation flaws. The ESAPI Toolkit architecture is very simple – a collection of classes that encapsulate the key security operations most applications need. ESAPI is designed to make it easy to retrofit security into existing applications, as well as providing a solid foundation for new development. ESAPI comes with an ESAPI filter that minimizes the changes required to your base application. There are ESAPI Toolkits for the following platforms:

  • Java EE - This version of the ESAPI Toolkit is currently available.
  • .NET - This version of the ESAPI Toolkit is currently under development.
  • PHP - This version of the ESAPI Toolkit is currently under development.

Key Project Information

Project Leader
Jeff Williams

Project Contibutors
If any, add here

Mailing List
Subscribe here
Use here

License
BSD license

Project Type
Tool

Sponsors
Aspect_logo.gif
Release Status Main Links Related Projects

Provisory Release Quality
(Waiting for Second Reviewer's assessment)
Please see here for complete information.

OWASP Top Ten
OWASP ASVS Project