ESAPI 1.4: Security Methods for the Web
The Enterprise Security API (ESAPI), a set of documentation focusing on application software security, has released a new version 1.4. Javadocs were updated and old interfaces were replaced.
ESAPI is a product of the Open Web Application Security Project (OWASP). The organization collects expertise on securing web applications, holds conferences and develops tools such as the WebScarab HTTP/S analysis proxy. OWASP members range from small consulting firms and security providers like Symantec to industry giants like IBM and Microsoft.
ESAPI describes methods that a typical web app needs for security. These methods include fixing authentication and protecting against cross-site scripting (XSS), cross-site request forgery (XSRF) and SQL injection. Other methods address failure to restrict URL access, insecure communications and improper error handling. The project publishes a Top 10 list of the most serious web app vulnerabilities.
The ESAPI project recommends that developers shouldn't continue to reinvent the security wheel for each application, but base their efforts on OWASP's expertise gained "over a decade of code review and penetration testing of critical enterprise applications."
The API is virtually independent of operating system and programming language, even though the current reference implementation is written in Java along with its Javadoc. Versions for .NET and PHP are planned.
ESAPI's Java implementation requires Java 1.4.2, but Java 1.6 users can uncomment code to make it work for them. The reference implementation is in binary JAR format for downloading. Developers will then have a forum in the OWASP-ESAPI mailing list.
Issue 210/2018
Buy this issue as a PDF
News
-
Red Hat Enterprise Linux 7.5 Released
The latest release is focused on hybrid cloud.
-
Microsoft Releases a Linux-Based OS
The company is building a new IoT environment powered by Linux.
-
Solomon Hykes Leaves Docker
In a surprise move, Solomon Hykes, the creator of Docker has left the company.
-
Red Hat Celebrates 25th Anniversary with a New Code Portal
The company announces a GitHub page with links to source code for all its projects
-
Gnome 3.28 Released
The latest GNOME rolls out with better contact management and new features for handling virtual machines.
-
Install Firefox in a Snap on Linux
Mozilla has picked the Snap package system to deliver its application to Linux users.
-
OpenStack Queens Released
The new release comes with new features for mission critical workloads.
-
Kali Linux Comes to Windows
The Kali Linux developers even managed to run full blown XFCE desktop via WSL.
-
Ubuntu to Start Collecting Some Data with Ubuntu 18.04
It will be an ‘opt-out’ feature.
-
CNCF Illuminates Serverless Vision
The Cloud Native Computing Foundation announces a paper describing their model for a serverless ecosystem.