OWASP Projects - Enterprise Security API

Published on: 8/16/2014
Topic: Web Application Security
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications.

Overview

Allowing for language-specific differences, all OWASP ESAPI versions have the same basic design:

There is a set of security control interfaces. They define, for example, the types of parameters that are passed to each type of security control.
There is a reference implementation for each security control. Its logic is neither organization-specific nor application-specific. An example: string-based input validation.
There are optionally your own implementations for each security control. These classes may contain application logic developed by or for your organization. An example: enterprise authentication.
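The layering described above, sketched in Python as an added example; this is not ESAPI's own code. The names `Validator`, `ReferenceValidator`, `AcmeValidator`, `Controls` and the `USERNAME` pattern are hypothetical, and the organization-specific layer is shown as an extra naming policy on top of the reference string validation.

```python
import re
import unicodedata
from abc import ABC, abstractmethod

USERNAME = r"[A-Za-z0-9_]{3,16}"  # constructed allow-list pattern


class ValidationError(ValueError):
    """Input rejected by a security control."""


class Validator(ABC):
    """Security control interface: fixes the parameters every implementation takes."""

    @abstractmethod
    def get_valid_input(self, context: str, value: str, pattern: str, max_length: int) -> str:
        """Return the canonical value, or raise ValidationError."""


class ReferenceValidator(Validator):
    """Reference implementation: generic string checks, no organization or application logic."""
    def get_valid_input(self, context, value, pattern, max_length):
        value = unicodedata.normalize("NFKC", value)  # canonicalize before checking
        if len(value) > max_length:
            raise ValidationError(f"{context}: longer than {max_length} characters")
        if re.fullmatch(pattern, value) is None:
            raise ValidationError(f"{context}: not matched by the allow-list pattern")
        return value


class AcmeValidator(ReferenceValidator):
    """Organization-specific implementation (hypothetical): adds a local naming policy."""

    RESERVED = {"admin", "root"}

    def get_valid_input(self, context, value, pattern, max_length):
        value = super().get_valid_input(context, value, pattern, max_length)
        if value.lower() in self.RESERVED:
            raise ValidationError(f"{context}: reserved name")
        return value


class Controls:
    """Locator: callers ask for the interface and never name a concrete class."""
    impl: Validator = ReferenceValidator()

    @classmethod
    def validator(cls) -> Validator:
        return cls.impl
```

Assigning `Controls.impl = AcmeValidator()` swaps in the organization's control without touching any call site, which is what makes retrofitting into an existing application practical.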

The project's source code is licensed under the BSD license, which is very permissive and about as close to public domain as is possible.

The project documentation is licensed under the Creative Commons license. You can use or modify ESAPI however you want, even include it in commercial products.

