(5320) Fundamental Application Security Building Blocks - The Benefits of Establishing an Enterprise Security API (ESAPI) for Your Organization

Technical long talk 50 min

Wednesday, 2008-06-25, 17:30 - 18:20, Arena 6

Dave Wichers - Aspect Security, Inc. (speaker)

Topics

• Web application frameworks
• Security

Download the presentation

Abstract

ESAPI is an open source API, which pulls together all the security methods that 
a developer needs to build a secure web application. The API is language 
independent but comes with a reference implementation written in Java. 
Developers can use this API and build their own implementation using their 
company's infrastructure, or, they can use the fully functional reference 
implementation as a starting point.

The cost savings through reduced development time, and the increased security 
due to using heavily analyzed and carefully designed security methods provide 
developers with a massive advantage over developers that are trying to deal with 
security using existing ad hoc secure coding techniques. This API is designed to 
automatically take care of many aspects of application security, making these 
issues invisible to the developers.