APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
Your SlideShare is downloading.
×
Check these out next
More Related Content
Slideshows for you (20)
Viewers also liked (20)
Similar to ESAPI (20)
More from n|u - The Open Security Community (20)
Recently uploaded (20)
ESAPI
- 1. ESAPI
- 2. Jeff Williams, Project Mgr - OWASP ESAPI Founder and CEO of Aspect Security 25 years experience Top 10, Webgoat proj About the author
- 3. Issues! when security implementation is in developers hand. Reinventing the wheel Complexity of Application Security for developers Simplify application security for developers. Why ESAPI ?
- 4. Security API Exhaustive list of security controls Web application or web service project 120 methods and interfaces First J2ee version realised Aug 2010 What is ESAPI ?
- 5. Footprints
- 6. J2ee ESAPI Libraries
- 7. Libraries barrowed !!
- 8. Packages
- 9. Create a security API that matches YOUR enterprise Create a custom ESAPI for your organization. It works best when ..
- 10. Canonicalization feature is handy Encoding module is very mature. Data validation response can be improved by spring validation framework HTTP header and cookie validations are good Client side JavaScript ESAPI is not part of this module. Not sure if Owasp CSRFguard and CSRF module in ESAPI is same or not My observation..
- 11. 1. Add esapi.jar file to lib 2. Create a custom ESAPI for your organization. 2 Step Setup..
- 12. Data-validation.. Review.jsp Review.jsp Validation.properties
- 13. Encoding.. Review.jsp Review.jsp
- 14. Gap between suggestion and execution Learning .. ..
- 15. eND..
