2. Jeff Williams, Project Mgr - OWASP ESAPI
Founder and CEO of Aspect Security
25 years experience
Top 10, Webgoat proj
About the author
3. Issues! when security implementation is in
developers hand.
Reinventing the wheel
Complexity of Application Security for
developers
Simplify application security for developers.
Why ESAPI ?
4. Security API
Exhaustive list of security controls
Web application or web service
project
120 methods and interfaces
First J2ee version realised Aug 2010
What is ESAPI ?
10. Create a security API that matches YOUR enterprise
Create a custom ESAPI for your organization.
It works best when ..
11. Canonicalization feature is handy
Encoding module is very mature.
Data validation response can be improved by spring validation framework
HTTP header and cookie validations are good
Client side JavaScript ESAPI is not part of this module.
Not sure if Owasp CSRFguard and CSRF module in ESAPI is same or not
My observation..
12. 1. Add esapi.jar file to lib
2. Create a custom ESAPI for your organization.
2 Step Setup..