All Downloads are FREE. Search and download functionalities are using the official Maven repository.
  • Log In
  • Register

    • org.owasp.esapi.package.html Maven / Gradle / Ivy

    Go to download

    The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

    There is a newer version: 2.5.5.0
    Show newest version
    






The ESAPI interfaces and {@code Exception} classes model the most
important security functions to enterprise web applications.
The interfaces in this package are intended to be extended and
customized within an enterprise to match their custom data,
security services, and application environment. A reference
implementation of this interface is provided as an example of how this
library can be implemented successfully, but is useful in many ways
by itself as well.

    
OWASP ESAPI interfaces and reference implementation provides
enterprise web application developers with the most important
security functions they need in ordre to build secure web applications
and web services that stand up to most common-day web-based attacks.

    

    Sponsor
    

    The The Open Web Application
Security Project (OWASP) is a worldwide free and open community focused
on improving the security of application software. Our mission is to
make application security "visible," so that people and organizations
can make informed decisions about application security risks. Everyone
is free to participate in OWASP and all of our materials are available
under an open source license. The OWASP Foundation is a 501c3
not-for-profit charitable organization that ensures the ongoing
availability and support for our work.
    


    The

OWASP ESAPI Project
is led by Jeff Williams,
Aspect Security.


    You can find more information about the ESAPI Java project, or join
the mailing list and help us make it better from the OWASP project page
at http://www.owasp.org/index.php/ESAPI#tab=Java_EE.
    


    ESAPI Architecture
    


    The ESAPI class library builds on the excellent security libraries available,
such as Java Logging, JCE, and Apache Commons FileUpload. It uses the
concepts from many of the security packages out there, such as Spring Security,
Apache Commons Validator, Microsoft's AntiXSS library, and many many
more. This library provides a single consistent interface to security
functions that is intuitive for enterprise developers.
    




    Addressing OWASP Top Ten
    


    Used properly, the ESAPI provides enough functions to protect
against most of the

OWASP Top Ten.  The only real exception is the
Insecure Communications category, which is generally outside the control
of the software developer.
    



    Copyright and License
    


    This project and all associated code is Copyright (c) 2007 - The OWASP Foundation
    


    This project licensed under the BSD license,
which is very permissive and about as close to public domain as is possible. You can use or modify
ESAPI however you want, even include it in commercial products.
    


    References
    

This library builds on some of the ideas found in:




    © 2015 - 2024 Weber Informatics LLC | Privacy Policy