## Getting Started with ESAPI
Software is at a tipping point. The rapid increase in connectivity, combined with a dramatic rise in the value of assets in our systems, and the increasing use of new protocols and technologies has resulted in applications that represent significant risk to the organizations that build and use them.
One key part of the problem is that application security is a large and complex discipline that most developers will not be able to master, particularly if they are busy learning the latest framework or language. We believe that a key part of the road forward must be to simplify application security for developers.
To help organizations accomplish this, OWASP has defined a security API that covers all the security controls a typical enterprise web application or web service project might need. There are about 120 methods across the different security controls, organized into a simple, intuitive set of interfaces. We have worked hard to make this API as clear and obvious as possible, so that developers find it easy to make the right decision.
We are building this library in a completely free and open way. All ESAPI projects are released as open source under the BSD license. This is critical for such important code: only with complete openness can we achieve the level of assurance required, and only with freedom can we help organizations adopt our approach.

This library provides a single, consistent interface to security functions that is intuitive for enterprise developers. Used properly, ESAPI provides enough functions to protect against most of the OWASP Top Ten and quite a few other common vulnerabilities.
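As an added illustration of that single, consistent interface (example code written for this page, not code from the ESAPI project or its documentation), the class below uses ESAPI 2.x for Java to validate one untrusted value against a whitelist pattern and then encode the same value for three different output contexts, plus a SQL literal. It assumes the esapi dependency is on the classpath together with ESAPI.properties and validation.properties; the default files shipped with ESAPI define the Validator.AccountName pattern the validation step relies on.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.codecs.MySQLCodec;
import org.owasp.esapi.errors.ValidationException;

// Added example for this page; not part of the ESAPI project.
// Assumes ESAPI 2.x for Java on the classpath, plus ESAPI.properties and
// validation.properties (the defaults shipped with ESAPI define
// Validator.AccountName, which validateAccountName() selects by name).
public class EsapiQuickStart {

    // Input validation: accept only what matches the whitelist regex named
    // Validator.AccountName. The returned value is the canonicalized,
    // validated input; anything else throws ValidationException, and input
    // that looks hostile is additionally reported to the intrusion detector.
    static String validateAccountName(String untrusted) throws ValidationException {
        return ESAPI.validator().getValidInput(
                "accountName", // context label that appears in logs and error messages
                untrusted,     // raw, untrusted input
                "AccountName", // selects the Validator.AccountName pattern
                20,            // maximum accepted length
                false);        // null is not acceptable here
    }

    // Output encoding: the same untrusted value needs a different encoder
    // for each sink. Choosing the encoder by destination is exactly what a
    // consistent encoding interface makes easy to get right.
    static String asHtmlText(String untrusted) {
        // angle brackets and other non-alphanumerics are entity-encoded
        return "<p>Hello, " + ESAPI.encoder().encodeForHTML(untrusted) + "</p>";
    }

    static String asHtmlAttribute(String untrusted) {
        return "<input name=\"user\" value=\""
                + ESAPI.encoder().encodeForHTMLAttribute(untrusted) + "\">";
    }

    static String asJavaScriptString(String untrusted) {
        return "var user = '" + ESAPI.encoder().encodeForJavaScript(untrusted) + "';";
    }

    // SQL: parameterized queries are the primary defense; encodeForSQL is a
    // fallback for the rare case where a value must be spliced into a query
    // string. The codec must match the database dialect in use.
    static String asMySqlLiteral(String untrusted) {
        MySQLCodec codec = new MySQLCodec(MySQLCodec.Mode.STANDARD);
        return "SELECT * FROM users WHERE name = '"
                + ESAPI.encoder().encodeForSQL(codec, untrusted) + "'";
    }

    public static void main(String[] args) {
        // Constructed sample inputs for this example.
        String hostile = "<script>alert(1)</script>";
        String benign = "alice42";

        System.out.println(asHtmlText(hostile));
        System.out.println(asHtmlAttribute(hostile));
        System.out.println(asJavaScriptString(hostile));
        System.out.println(asMySqlLiteral("O'Brien"));

        try {
            System.out.println("accepted: " + validateAccountName(benign));
            validateAccountName(hostile); // does not match the whitelist, throws
        } catch (ValidationException e) {
            System.out.println("rejected: " + e.getUserMessage());
        }
    }
}
```

The point to take from the example is the shape of the API rather than any one call: validation is driven by named patterns kept in configuration, and encoding is selected per sink, so the decision a developer has to make is "where is this value going?" rather than "which characters are dangerous here?". ESAPI will refuse to start if ESAPI.properties cannot be found, so wire the configuration into the classpath before running anything like this.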
We want organizations to create their own security API for their enterprise. We recognize that every organization has complex platforms, systems, directories, databases, and infrastructure, and we are not trying to replace any of that. We are trying to simplify the application security problem for your developers by providing a simple, consistent API in front of your security infrastructure.