The same group of people that wrote the OWASP Top Ten now bring you ESAPI, the Enterprise Security API, and I've ported it to Python.
ESAPI provides numerous application-level controls that are desperately needed in today's web applications.
ESAPI provides...
- Strong encoding/decoding/canonicalization to prevent XSS and interpreter attacks
- Flexible authentication and access control
- Object reference maps to hide server-side objects and references from the user
- Secure session management utilities
- Strong input validation using whitelists
- Easy-to-use encryption framework for symmetric-key and public-key cryptography
- Secure PRNG with helper methods
- Flexible and powerful security logging
- Intrusion detection - block attackers before they find a weak point!
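As an added illustration of the first and fifth bullets above (it is not code from the ESAPI for Python project), here is the canonicalize, whitelist-validate, encode sequence those controls implement, in plain Python. The function names echo ESAPI's concepts but their signatures here are my own assumptions, and the whitelist patterns, the decode-round limit and the sample inputs are constructed for the example.

```python
import html
import re
import urllib.parse


class ValidationError(ValueError):
    """Input failed the whitelist check for its context."""


class IntrusionDetected(ValidationError):
    """Input was multiply or mixed encoded, a strong signal of tampering."""


# Whitelist patterns per input context (constructed for this illustration).
# A whitelist names what is allowed; everything else, including every
# encoding trick, is rejected.
PATTERNS = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "comment": re.compile(r"[\w\s.,!?'()-]{1,200}"),
}

MAX_DECODE_ROUNDS = 5  # assumed bound on how deep we are willing to decode


def canonicalize(value: str, strict: bool = True) -> str:
    """Reduce input to its simplest form by decoding until nothing changes.

    Each pass tries URL (percent) decoding and HTML entity decoding. A value
    that needs more than one decoding step was double or mixed encoded;
    legitimate clients do not do that, so in strict mode it is reported as
    an intrusion instead of being silently normalised.
    """
    current = value
    decodings = 0
    for _ in range(MAX_DECODE_ROUNDS):
        changed = False
        for decode in (urllib.parse.unquote, html.unescape):
            decoded = decode(current)
            if decoded != current:
                decodings += 1
                current = decoded
                changed = True
        if not changed:
            break
    else:
        raise IntrusionDetected("still decoding after %d rounds" % MAX_DECODE_ROUNDS)
    if strict and decodings > 1:
        raise IntrusionDetected("multiple or mixed encoding detected")
    return current


def get_valid_input(context: str, value: str, pattern_name: str, max_length: int) -> str:
    """Canonicalize first, then accept the value only if it matches the whitelist."""
    canonical = canonicalize(value)
    if len(canonical) > max_length:
        raise ValidationError("%s: longer than %d characters" % (context, max_length))
    if not PATTERNS[pattern_name].fullmatch(canonical):
        raise ValidationError("%s: does not match whitelist %r" % (context, pattern_name))
    return canonical


def encode_for_html(value: str) -> str:
    """Encode for the HTML body context: & < > \" ' become entities so the
    browser renders them as text instead of interpreting them as markup."""
    return html.escape(value, quote=True)


def render_comment(raw: str) -> str:
    """Constructed request handler: validate on the way in, encode on the way out.

    Even a value that passed the whitelist is encoded before it reaches the
    page, so output encoding does not depend on validation being perfect.
    """
    try:
        comment = get_valid_input("comment form", raw, "comment", 200)
    except IntrusionDetected as exc:
        return "blocked: %s" % exc
    except ValidationError as exc:
        return "rejected: %s" % exc
    return "<p>%s</p>" % encode_for_html(comment)
```

Note that a double-encoded payload such as `%253Cscript%253E` is treated differently from a merely invalid one: the first is an attack signature worth logging and blocking (which is where the intrusion detection bullet comes in), the second may just be a user typing a character the form does not accept.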
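The object reference map in the third bullet is the least familiar control on the list, so here is an added illustration of the technique in plain Python (again my own code, not the project's, with class and method names that are assumptions rather than the ESAPI API). Every server-side key the user is allowed to see gets a random per-session token; pages carry only the token, and a token that was never issued cannot be resolved, which is what stops a user from reaching someone else's record by editing an id in a URL.

```python
import secrets
from typing import Dict, Iterable


class AccessControlError(Exception):
    """The client presented a reference it was never handed."""


class AccessReferenceMap:
    """Per-session map between direct references (database keys, file names)
    and random indirect references.

    Pages and forms only ever carry the indirect token; the server translates
    it back and refuses anything not in the map. Only objects the server chose
    to expose in this session have a token at all, so guessing is pointless.
    """

    def __init__(self, direct_refs: Iterable[str] = (), token_bytes: int = 9) -> None:
        self._direct_to_indirect: Dict[str, str] = {}
        self._indirect_to_direct: Dict[str, str] = {}
        self._token_bytes = token_bytes  # assumed default; 9 bytes -> 12 url-safe chars
        for direct in direct_refs:
            self.add_direct_reference(direct)

    def add_direct_reference(self, direct: str) -> str:
        """Register a direct reference and return its indirect token.
        Registering the same reference twice returns the same token, so
        links stay stable within a session."""
        if direct in self._direct_to_indirect:
            return self._direct_to_indirect[direct]
        while True:
            # Unpredictable token from the OS CSPRNG; the loop guards the
            # (negligible) chance of colliding with an existing token.
            indirect = secrets.token_urlsafe(self._token_bytes)
            if indirect not in self._indirect_to_direct:
                break
        self._direct_to_indirect[direct] = indirect
        self._indirect_to_direct[indirect] = direct
        return indirect

    def get_indirect_reference(self, direct: str) -> str:
        """Token to put in a URL or form for this direct reference."""
        return self._direct_to_indirect[direct]

    def get_direct_reference(self, indirect: str) -> str:
        """Translate a token from the request back to the server-side key."""
        try:
            return self._indirect_to_direct[indirect]
        except KeyError:
            raise AccessControlError("unknown reference %r" % indirect) from None

    def update(self, direct_refs: Iterable[str]) -> None:
        """Resynchronise with the objects the user may currently see: keep the
        existing tokens for refs still present, drop tokens for the rest."""
        wanted = set(direct_refs)
        for direct in list(self._direct_to_indirect):
            if direct not in wanted:
                token = self._direct_to_indirect.pop(direct)
                del self._indirect_to_direct[token]
        for direct in wanted:
            self.add_direct_reference(direct)


def build_document_links(refmap: AccessReferenceMap, doc_ids: Iterable[str]) -> Dict[str, str]:
    """Constructed view helper: one link per document the user may see, keyed
    by the direct id so the template never has to know the raw key."""
    return {doc: "/documents/view?ref=" + refmap.get_indirect_reference(doc)
            for doc in doc_ids}


def open_document(refmap: AccessReferenceMap, ref_param: str) -> str:
    """Constructed request handler: resolve the token from the query string
    or refuse; a raw id like 'doc:1003' is never a valid reference."""
    try:
        return "opened " + refmap.get_direct_reference(ref_param)
    except AccessControlError:
        return "forbidden"
```

The map lives in the user's session, not globally, so two users see different tokens for the same object and a token copied from one session is meaningless in another. It complements, rather than replaces, a real authorization check on the server side.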
ESAPI is pure Python and is not tied to any framework. It only takes a few minutes to set up and you can use as much or as little of it as you would like - there is no lock-in.
The goal of the ESAPI project is to get strong, easy-to-use security controls in the hands of web developers so that they can focus on what they do best: creating brilliant websites.
This project has two main ways in which it can be used. First, application developers can pick it up and use the controls inside to secure their applications. Second, framework developers can look at it and incorporate the design and functionality of the security controls into the framework itself.
ESAPI is released under the BSD license, so you can do pretty much anything you want with it.
If having a secure Django application is important to you, I hope you take a look at ESAPI:
OWASP wiki:
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Python
Google code:
http://code.google.com/p/owasp-esapi-python/

Questions, comments, and criticisms are all welcome. Thank you.