ESAPI
 Jeff Williams, Project Mgr - OWASP ESAPI
 Founder and CEO of Aspect Security
 25 years experience
 Top 10, Webgoat pr...
 Issues! when security implementation is in
developers hand.
 Reinventing the wheel
 Complexity of Application Security...
 Security API
 Exhaustive list of security controls
 Web application or web service
project
 120 methods and interface...
Footprints
J2ee ESAPI
Libraries
Libraries barrowed !!
Packages
Create a security API that matches YOUR enterprise
Create a custom ESAPI for your organization.
It works best when ..
Canonicalization feature is handy
Encoding module is very mature.
Data validation response can be improved by spring valid...
1. Add esapi.jar file to lib
2. Create a custom ESAPI for your organization.
2 Step Setup..
Data-validation..
Review.jsp
Review.jsp
Validation.properties
Encoding..
Review.jsp
Review.jsp
Gap between suggestion and execution
Learning .. ..
eND..
ESAPI
Upcoming SlideShare
Loading in …5
×

ESAPI

1,831 views

Published on

null Bangalore Chapter - June 2014 Meet

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,831
On SlideShare
0
From Embeds
0
Number of Embeds
774
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

ESAPI

  1. 1. ESAPI
  2. 2.  Jeff Williams, Project Mgr - OWASP ESAPI  Founder and CEO of Aspect Security  25 years experience  Top 10, Webgoat proj About the author
  3. 3.  Issues! when security implementation is in developers hand.  Reinventing the wheel  Complexity of Application Security for developers  Simplify application security for developers. Why ESAPI ?
  4. 4.  Security API  Exhaustive list of security controls  Web application or web service project  120 methods and interfaces  First J2ee version realised Aug 2010 What is ESAPI ?
  5. 5. Footprints
  6. 6. J2ee ESAPI Libraries
  7. 7. Libraries barrowed !!
  8. 8. Packages
  9. 9. Create a security API that matches YOUR enterprise Create a custom ESAPI for your organization. It works best when ..
  10. 10. Canonicalization feature is handy Encoding module is very mature. Data validation response can be improved by spring validation framework HTTP header and cookie validations are good Client side JavaScript ESAPI is not part of this module. Not sure if Owasp CSRFguard and CSRF module in ESAPI is same or not My observation..
  11. 11. 1. Add esapi.jar file to lib 2. Create a custom ESAPI for your organization. 2 Step Setup..
  12. 12. Data-validation.. Review.jsp Review.jsp Validation.properties
  13. 13. Encoding.. Review.jsp Review.jsp
  14. 14. Gap between suggestion and execution Learning .. ..
  15. 15. eND..

×