Overview  Package  Class  Use  Tree  Deprecated  Index  Help 
 PREV   NEXT FRAMES    NO FRAMES    

OWASP Enterprise Security API (ESAPI)

The OWASP Enterprise Security API (ESAPI) is both a set of interfaces and a reference implementation of a library that provides enterprise web application developers the most important security functions they need in order to build web applications and web services that protect themselves against attacks.

See:
          Description

Packages
org.owasp.esapi The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications.
org.owasp.esapi.filters  
org.owasp.esapi.reference Reference implementations of the ESAPI interfaces.
org.owasp.esapi.tags  

 

The OWASP Enterprise Security API (ESAPI) is both a set of interfaces and a reference implementation of a library that provides enterprise web application developers the most important security functions they need in order to build web applications and web services that protect themselves against attacks.

The The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under an open source license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

The OWASP ESAPI Project is led by Jeff Williams, Aspect Security

You can find more information about the ESAPI project, or join the mailing list and help us make it better from the OWASP project page at http://www.owasp.org/index.php/ESAPI.

The library builds on the excellent security libraries available, such as Java Logging, JCE, and Adobe Commons FileUpload. It uses the concepts from many of the security packages out there, such as ACEGI, Apache Commons Validator, Microsoft's AntiXSS library, and many many more. This library provides a single consistent interface to security functions that is intuitive for enterprise developers.

Used properly, the ESAPI provides enough functions to protect against most of the OWASP Top Ten. The only real exception is the Insecure Communications category, which is generally outside the control of the software developer.

This project and all associated code is Copyright (c) 2007 - The OWASP Foundation

The ESAPI is published by OWASP under the LGPL. You should read and accept the LICENSE before you use, modify, and/or redistribute this software.

 Overview  Package  Class  Use  Tree  Deprecated  Index  Help 
 PREV   NEXT FRAMES    NO FRAMES