SlideShare a Scribd company logo

ESAPI

n|u - The Open Security Community
n|u - The Open Security Community

This document discusses the OWASP ESAPI project, a security API that aims to simplify application security for developers. It provides an overview of ESAPI, including that it contains over 120 security methods and interfaces and was first released in 2010. The document also notes that developers should customize ESAPI to match their own organization and that canonicalization and encoding features are mature, while data validation could be improved.

1 of 16
Download to read offline
ESAPI
 Jeff Williams, Project Mgr - OWASP ESAPI  Founder and CEO of Aspect Security  25 years experience  Top 10, Webgoat proj About the author
 Issues! when security implementation is in developers hand.  Reinventing the wheel  Complexity of Application Security for developers  Simplify application security for developers. Why ESAPI ?
 Security API  Exhaustive list of security controls  Web application or web service project  120 methods and interfaces  First J2ee version realised Aug 2010 What is ESAPI ?
Footprints
J2ee ESAPI Libraries
Libraries barrowed !!
Packages
Create a security API that matches YOUR enterprise Create a custom ESAPI for your organization. It works best when ..
Canonicalization feature is handy Encoding module is very mature. Data validation response can be improved by spring validation framework HTTP header and cookie validations are good Client side JavaScript ESAPI is not part of this module. Not sure if Owasp CSRFguard and CSRF module in ESAPI is same or not My observation..
1. Add esapi.jar file to lib 2. Create a custom ESAPI for your organization. 2 Step Setup..
Data-validation.. Review.jsp Review.jsp Validation.properties
Encoding.. Review.jsp Review.jsp
Gap between suggestion and execution Learning .. ..
eND..

Recommended

INTRODUCTION TO IIS
INTRODUCTION TO IISINTRODUCTION TO IIS
INTRODUCTION TO IIS
sanya6900
 
Introduction to devops
Introduction to devopsIntroduction to devops
Introduction to devops
UtpalenduChakrobortt1
 
Hosting a website on IIS Server
Hosting a website on IIS ServerHosting a website on IIS Server
Hosting a website on IIS Server
Dinesh Vasamshetty
 
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
Simplilearn
 
DevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation SlidesDevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation Slides
SlideTeam
 
Maven ppt
Maven pptMaven ppt
Maven ppt
natashasweety7
 
Laravel - The PHP Framework for Web Artisans
Laravel - The PHP Framework for Web ArtisansLaravel - The PHP Framework for Web Artisans
Laravel - The PHP Framework for Web Artisans
Windzoon Technologies
 
An Introduction To Jenkins
An Introduction To JenkinsAn Introduction To Jenkins
An Introduction To Jenkins
Knoldus Inc.
 

Recommended

INTRODUCTION TO IIS
INTRODUCTION TO IISINTRODUCTION TO IIS
INTRODUCTION TO IIS
sanya6900
 
Introduction to devops
Introduction to devopsIntroduction to devops
Introduction to devops
UtpalenduChakrobortt1
 
Hosting a website on IIS Server
Hosting a website on IIS ServerHosting a website on IIS Server
Hosting a website on IIS Server
Dinesh Vasamshetty
 
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
Simplilearn
 
DevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation SlidesDevOps Powerpoint Presentation Slides
DevOps Powerpoint Presentation Slides
SlideTeam
 
Maven ppt
Maven pptMaven ppt
Maven ppt
natashasweety7
 
Laravel - The PHP Framework for Web Artisans
Laravel - The PHP Framework for Web ArtisansLaravel - The PHP Framework for Web Artisans
Laravel - The PHP Framework for Web Artisans
Windzoon Technologies
 
An Introduction To Jenkins
An Introduction To JenkinsAn Introduction To Jenkins
An Introduction To Jenkins
Knoldus Inc.
 
An Introduction to Maven
An Introduction to MavenAn Introduction to Maven
An Introduction to MavenVadym Lotar
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
Virendra Ruhela
 
Progressive Web App
Progressive Web AppProgressive Web App
Progressive Web App
SaleemMalik52
 
Firebase Introduction
Firebase Introduction Firebase Introduction
Firebase Introduction
9xdot
 
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
Simplilearn
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
Mettje Heegstra
 
laravel.pptx
laravel.pptxlaravel.pptx
laravel.pptx
asif290119
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
Ravindu Fernando
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
Frederik Mogensen
 
DevOps Presentation.pptx
DevOps Presentation.pptxDevOps Presentation.pptx
DevOps Presentation.pptx
Abdullah al Mamun
 
Dynatrace Cloud-Native Workshop Slides
Dynatrace Cloud-Native Workshop SlidesDynatrace Cloud-Native Workshop Slides
Dynatrace Cloud-Native Workshop Slides
VMware Tanzu
 
VMware ESXi 6.0 Installation Process
VMware ESXi 6.0 Installation ProcessVMware ESXi 6.0 Installation Process
VMware ESXi 6.0 Installation Process
NetProtocol Xpert
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICD
Knoldus Inc.
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
Andrew p. mc mahon machine learning engineering with python- manage the pro...
Andrew p. mc mahon machine learning engineering with python- manage the pro...Andrew p. mc mahon machine learning engineering with python- manage the pro...
Andrew p. mc mahon machine learning engineering with python- manage the pro...
DenisFlavius
 
Jboss Tutorial Basics
Jboss Tutorial BasicsJboss Tutorial Basics
Jboss Tutorial Basics
Anandraj Kulkarni
 
Tomcat
TomcatTomcat
TomcatVenkat Pinagadi
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
SUBHENDU KARMAKAR
 
Devops Devops Devops
Devops Devops DevopsDevops Devops Devops
Devops Devops Devops
Kris Buytaert
 
Observables in Angular
Observables in AngularObservables in Angular
Observables in Angular
Knoldus Inc.
 
Springcamp 2015 - xss는 네가 맡아라
Springcamp 2015 - xss는 네가 맡아라Springcamp 2015 - xss는 네가 맡아라
Springcamp 2015 - xss는 네가 맡아라
Hyeong-Kyu Lee
 
Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014
n|u - The Open Security Community
 

More Related Content

What's hot

An Introduction to Maven
An Introduction to MavenAn Introduction to Maven
An Introduction to MavenVadym Lotar
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
Virendra Ruhela
 
Progressive Web App
Progressive Web AppProgressive Web App
Progressive Web App
SaleemMalik52
 
Firebase Introduction
Firebase Introduction Firebase Introduction
Firebase Introduction
9xdot
 
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
Simplilearn
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
Mettje Heegstra
 
laravel.pptx
laravel.pptxlaravel.pptx
laravel.pptx
asif290119
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
Ravindu Fernando
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
Frederik Mogensen
 
DevOps Presentation.pptx
DevOps Presentation.pptxDevOps Presentation.pptx
DevOps Presentation.pptx
Abdullah al Mamun
 
Dynatrace Cloud-Native Workshop Slides
Dynatrace Cloud-Native Workshop SlidesDynatrace Cloud-Native Workshop Slides
Dynatrace Cloud-Native Workshop Slides
VMware Tanzu
 
VMware ESXi 6.0 Installation Process
VMware ESXi 6.0 Installation ProcessVMware ESXi 6.0 Installation Process
VMware ESXi 6.0 Installation Process
NetProtocol Xpert
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICD
Knoldus Inc.
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
Andrew p. mc mahon machine learning engineering with python- manage the pro...
Andrew p. mc mahon machine learning engineering with python- manage the pro...Andrew p. mc mahon machine learning engineering with python- manage the pro...
Andrew p. mc mahon machine learning engineering with python- manage the pro...
DenisFlavius
 
Jboss Tutorial Basics
Jboss Tutorial BasicsJboss Tutorial Basics
Jboss Tutorial Basics
Anandraj Kulkarni
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
SUBHENDU KARMAKAR
 
Devops Devops Devops
Devops Devops DevopsDevops Devops Devops
Devops Devops Devops
Kris Buytaert
 
Observables in Angular
Observables in AngularObservables in Angular
Observables in Angular
Knoldus Inc.
 

What's hot (20)

An Introduction to Maven
An Introduction to MavenAn Introduction to Maven
An Introduction to Maven
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
 
Progressive Web App
Progressive Web AppProgressive Web App
Progressive Web App
 
Firebase Introduction
Firebase Introduction Firebase Introduction
Firebase Introduction
 
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
DevOps Interview Questions Part - 2 | Devops Interview Questions And Answers ...
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
 
laravel.pptx
laravel.pptxlaravel.pptx
laravel.pptx
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
DevOps Presentation.pptx
DevOps Presentation.pptxDevOps Presentation.pptx
DevOps Presentation.pptx
 
Dynatrace Cloud-Native Workshop Slides
Dynatrace Cloud-Native Workshop SlidesDynatrace Cloud-Native Workshop Slides
Dynatrace Cloud-Native Workshop Slides
 
VMware ESXi 6.0 Installation Process
VMware ESXi 6.0 Installation ProcessVMware ESXi 6.0 Installation Process
VMware ESXi 6.0 Installation Process
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICD
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
 
Andrew p. mc mahon machine learning engineering with python- manage the pro...
Andrew p. mc mahon machine learning engineering with python- manage the pro...Andrew p. mc mahon machine learning engineering with python- manage the pro...
Andrew p. mc mahon machine learning engineering with python- manage the pro...
 
Jboss Tutorial Basics
Jboss Tutorial BasicsJboss Tutorial Basics
Jboss Tutorial Basics
 
Tomcat
TomcatTomcat
Tomcat
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
 
Devops Devops Devops
Devops Devops DevopsDevops Devops Devops
Devops Devops Devops
 
Observables in Angular
Observables in AngularObservables in Angular
Observables in Angular
 

Viewers also liked

Springcamp 2015 - xss는 네가 맡아라
Springcamp 2015 - xss는 네가 맡아라Springcamp 2015 - xss는 네가 맡아라
Springcamp 2015 - xss는 네가 맡아라
Hyeong-Kyu Lee
 
Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014
n|u - The Open Security Community
 
Flashack
FlashackFlashack
Flashack
n|u - The Open Security Community
 
The Shellshocker
The ShellshockerThe Shellshocker
The Shellshocker
Sharath Unni
 
Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Framework
n|u - The Open Security Community
 
Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18
n|u - The Open Security Community
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Metasploit Demo
n|u - The Open Security Community
 
IE Memory Protector
IE Memory ProtectorIE Memory Protector
IE Memory Protector
3S Labs
 
Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014
n|u - The Open Security Community
 
Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015
n|u - The Open Security Community
 
Venom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoVenom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demo
Akash Mahajan
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security Testing
Nutan Kumar Panda
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
n|u - The Open Security Community
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
n|u - The Open Security Community
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
Anant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Anant Shrivastava
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Anant Shrivastava
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Anant Shrivastava
 

Viewers also liked (20)

Springcamp 2015 - xss는 네가 맡아라
Springcamp 2015 - xss는 네가 맡아라Springcamp 2015 - xss는 네가 맡아라
Springcamp 2015 - xss는 네가 맡아라
 
Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014
 
Flashack
FlashackFlashack
Flashack
 
The Shellshocker
The ShellshockerThe Shellshocker
The Shellshocker
 
Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Framework
 
Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Metasploit Demo
 
IE Memory Protector
IE Memory ProtectorIE Memory Protector
IE Memory Protector
 
Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014
 
Recon ng null meet April 2015
Recon ng null meet April 2015Recon ng null meet April 2015
Recon ng null meet April 2015
 
Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015
 
Venom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoVenom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demo
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security Testing
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 

Similar to ESAPI

Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
Mohammed A. Imran
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
Automating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CDAutomating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CD
rkadayam
 
Declaring Server App Components in Pure Java
Declaring Server App Components in Pure JavaDeclaring Server App Components in Pure Java
Declaring Server App Components in Pure Java
Atlassian
 
Spring boot vs spring framework razor sharp web applications
Spring boot vs spring framework razor sharp web applicationsSpring boot vs spring framework razor sharp web applications
Spring boot vs spring framework razor sharp web applications
Katy Slemon
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
VMware Tanzu
 
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
DevOpsDays Tel Aviv
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with Zap
Soluto
 
jVoiD - the enterprise ecommerce Java by Schogini
jVoiD - the enterprise ecommerce Java by SchoginijVoiD - the enterprise ecommerce Java by Schogini
jVoiD - the enterprise ecommerce Java by Schogini
Schogini Systems Pvt Ltd
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.
Vitaly Balashov
 
Introduction to Spring sec1.pptx
Introduction to Spring sec1.pptxIntroduction to Spring sec1.pptx
Introduction to Spring sec1.pptx
NourhanTarek23
 
LAST Conference - Dev-Ops and Continuous Delivery
LAST Conference - Dev-Ops and Continuous DeliveryLAST Conference - Dev-Ops and Continuous Delivery
LAST Conference - Dev-Ops and Continuous Delivery
Nigel Fernandes
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver Faster
Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Amazon Web Services
 
Developer Productivity with Forge, Java EE 6 and Arquillian
Developer Productivity with Forge, Java EE 6 and ArquillianDeveloper Productivity with Forge, Java EE 6 and Arquillian
Developer Productivity with Forge, Java EE 6 and Arquillian
Ray Ploski
 
Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps
Chetan Gordhan
 
Integration Testing on Steroids: Run Your Tests on the Real Things
Integration Testing on Steroids: Run Your Tests on the Real ThingsIntegration Testing on Steroids: Run Your Tests on the Real Things
Integration Testing on Steroids: Run Your Tests on the Real Things
Atlassian
 
Enterprise Spring Building Scalable Applications
Enterprise Spring Building Scalable ApplicationsEnterprise Spring Building Scalable Applications
Enterprise Spring Building Scalable Applications
Gordon Dickens
 
SE2018_Lec-22_-Continuous-Integration-Tools
SE2018_Lec-22_-Continuous-Integration-ToolsSE2018_Lec-22_-Continuous-Integration-Tools
SE2018_Lec-22_-Continuous-Integration-Tools
Amr E. Mohamed
 

Similar to ESAPI (20)

Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
 
Automating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CDAutomating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CD
 
Declaring Server App Components in Pure Java
Declaring Server App Components in Pure JavaDeclaring Server App Components in Pure Java
Declaring Server App Components in Pure Java
 
Spring boot vs spring framework razor sharp web applications
Spring boot vs spring framework razor sharp web applicationsSpring boot vs spring framework razor sharp web applications
Spring boot vs spring framework razor sharp web applications
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with Zap
 
jVoiD - the enterprise ecommerce Java by Schogini
jVoiD - the enterprise ecommerce Java by SchoginijVoiD - the enterprise ecommerce Java by Schogini
jVoiD - the enterprise ecommerce Java by Schogini
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.
 
Introduction to Spring sec1.pptx
Introduction to Spring sec1.pptxIntroduction to Spring sec1.pptx
Introduction to Spring sec1.pptx
 
LAST Conference - Dev-Ops and Continuous Delivery
LAST Conference - Dev-Ops and Continuous DeliveryLAST Conference - Dev-Ops and Continuous Delivery
LAST Conference - Dev-Ops and Continuous Delivery
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver Faster
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Developer Productivity with Forge, Java EE 6 and Arquillian
Developer Productivity with Forge, Java EE 6 and ArquillianDeveloper Productivity with Forge, Java EE 6 and Arquillian
Developer Productivity with Forge, Java EE 6 and Arquillian
 
Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps Microsoft DevOps Solution - DevOps
Microsoft DevOps Solution - DevOps
 
Integration Testing on Steroids: Run Your Tests on the Real Things
Integration Testing on Steroids: Run Your Tests on the Real ThingsIntegration Testing on Steroids: Run Your Tests on the Real Things
Integration Testing on Steroids: Run Your Tests on the Real Things
 
Enterprise Spring Building Scalable Applications
Enterprise Spring Building Scalable ApplicationsEnterprise Spring Building Scalable Applications
Enterprise Spring Building Scalable Applications
 
SE2018_Lec-22_-Continuous-Integration-Tools
SE2018_Lec-22_-Continuous-Integration-ToolsSE2018_Lec-22_-Continuous-Integration-Tools
SE2018_Lec-22_-Continuous-Integration-Tools
 

More from n|u - The Open Security Community

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
n|u - The Open Security Community
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
n|u - The Open Security Community
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
n|u - The Open Security Community
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
n|u - The Open Security Community
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
n|u - The Open Security Community
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
n|u - The Open Security Community
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
n|u - The Open Security Community
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
n|u - The Open Security Community
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
n|u - The Open Security Community
 
Cloud security
Cloud security Cloud security
Cloud security
n|u - The Open Security Community
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
n|u - The Open Security Community
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
n|u - The Open Security Community
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
n|u - The Open Security Community
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
n|u - The Open Security Community
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
n|u - The Open Security Community
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

Landownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptxLandownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptx
JezreelCabil2
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
taiba qazi
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
Delivering Micro-Credentials in Technical and Vocational Education and Training
Delivering Micro-Credentials in Technical and Vocational Education and TrainingDelivering Micro-Credentials in Technical and Vocational Education and Training
Delivering Micro-Credentials in Technical and Vocational Education and Training
AG2 Design
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 

Recently uploaded (20)

Landownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptxLandownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptx
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
Delivering Micro-Credentials in Technical and Vocational Education and Training
Delivering Micro-Credentials in Technical and Vocational Education and TrainingDelivering Micro-Credentials in Technical and Vocational Education and Training
Delivering Micro-Credentials in Technical and Vocational Education and Training
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 

ESAPI