Questions tagged [esapi]

OWASP Enterprise Security API (ESAPI) is a family of open source web application security libraries for different languages.

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.

Source: OWASP

6 questions
14 votes, 3 answers

How do I get started using ESAPI WAF?

I've been to the OWASP Enterprise Security API (Java Edition) Google Groups page and found this information missing.
Tim Troy
7 votes, 2 answers

Is OWASP ESAPI still the recommended way to secure JSP pages

I noticed OWASP ESAPI hasn't been updated in a while (minor update in 2016, and before 2013). Are there better alternatives to using it i.e. using a more maintained framework's utilities for say escaping and validating user inputs ala XSS…
blindcodifier9734
5 votes, 2 answers

How does OWASP ESAPI protect against direct object reference vulnerabilities?

What other good solutions are there? From the Area51 proposal
AviD
1 vote, 2 answers

OWASP ESAPI PHP implementation for XSS attacks

I searched extensively for good materials for prevention of XSS attacks using OWASP ESAPI, but could not find any beginner material. Can someone please give me an example of how this works?
1 vote, 1 answer

Is OWASP ESAPI .NET Edition really used? Is this project still alive?

I have just seen that the last release has been pushed out in 2009 and that raised my doubts.
westbeam87
0 votes, 2 answers

How can API documentation be helpful to exploit any application?

Here I want to understand: if private API documentation is exposed, how can a hacker exploit the application, as all the endpoints have authorization & authentication? Is it really going to be helpful for a hacker to exploit with documentation…
Nitin Rastogi