Appendix B

Enterprise Security API

Overview

The OWASP Enterprise Security API (ESAPI) Toolkit helps software developers guard against security-related design and implementation flaws. You learned about the OWASP ESAPI project in Chapter 6, which described ESAPI methods for preventing many of the OWASP Top 10 Vulnerabilities. In this appendix, you’ll find details on many of these methods and how they are used in Java code development.

Allowing for language-specific differences, all OWASP ESAPI versions share the same basic design:

  • There is a set of security control interfaces. They define, for example, the types of parameters passed to each type of security control. These interfaces contain no proprietary information or logic.
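As an added illustration of this interface-based design (example code, not from the book or the ESAPI project itself), the class below depends only on the ESAPI `Validator` and `Encoder` interfaces and obtains the configured implementations through the `ESAPI` locator. The class name `GreetingRenderer`, the `"displayName"` context label and the use of the `SafeString` validation type from ESAPI's default `ESAPI.properties` are assumptions; an ESAPI 2.x jar and a valid `ESAPI.properties` on the classpath are assumed.

```java
// Added example: application code written against ESAPI's security-control
// interfaces rather than against any concrete implementation.
// Assumes ESAPI 2.x on the classpath with a valid ESAPI.properties, whose
// default configuration defines the "SafeString" validation type.
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Validator;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

public class GreetingRenderer {

    // Only the interfaces are referenced here; the concrete controls come from
    // the ESAPI locator by default, or from a test double in unit tests.
    private final Validator validator;
    private final Encoder encoder;

    public GreetingRenderer() {
        this(ESAPI.validator(), ESAPI.encoder());
    }

    public GreetingRenderer(Validator validator, Encoder encoder) {
        this.validator = validator;
        this.encoder = encoder;
    }

    /**
     * Validates a user-supplied display name and returns HTML-safe markup.
     * Input that fails validation is replaced by a neutral fallback rather
     * than being echoed back to the browser.
     */
    public String render(String userSuppliedName) {
        String name;
        try {
            // Arguments: context label for logging, the input, the validation
            // type name from ESAPI.properties, maximum length, and whether a
            // null or empty value is acceptable.
            name = validator.getValidInput("displayName", userSuppliedName,
                                           "SafeString", 50, false);
        } catch (ValidationException | IntrusionException e) {
            // Validation failed (or ESAPI's intrusion detector tripped):
            // fall back to a safe value instead of using the raw input.
            name = "guest";
        }
        // Output encoding for the HTML body context neutralises markup and
        // script characters even if validation were ever bypassed.
        return "<p>Hello, " + encoder.encodeForHTML(name) + "</p>";
    }
}
```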
