zoukankan      html  css  js  c++  java
  • ESAPI = Enterprise Security API

    下面是OWASP里的说明,其实简单一点来说,ESAPI就是为编写出更加安全的代码设计出来的一些API,方便使用者调用,从而方便的编写安全的代码。它本身是开源的,同时提供JAVA版本和.NET版本。

    代码下载地址:http://code.google.com/p/owasp-esapi-java/

    ESAPI介绍的PPT:http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt

    下图显示了提供的API与OWASP列出的10个安全问题的涵盖关系:


     

     ---------------------------------------------------------  来自 owasp --------------------------------------------------------------------------

    Watch the Video

    What is ESAPI?

    The ESAPI is a free and open collection of all the security methods that a developer needs to build a secure web application. You can just use the interfaces and build your own implementation using your company's infrastructure. Or, you can use the reference implementation as a starting point. In concept, the API is language independent. However, the first deliverables from the project are a Java API and a Java reference implementation. Efforts to build ESAPI in .NET and PHP are already underway.

    Why ESAPI?

    Unfortunately, the available platforms, frameworks, and toolkits (Java EE, Struts, Spring, etc...) simply do not provide enough protection. This leaves developers with responsibility for designing and building security mechanisms. This reinventing the wheel for every application leads to wasted time and massive security holes.

    The cost savings through reduced development time, and the increased security due to using heavily analyzed and carefully designed security methods provide developers with a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques. This API is designed to automatically take care of many aspects of application security, making these issues invisible to the developers.

    Where did ESAPI come from?

    The OWASP ESAPI project is led by Jeff Williams, who serves as the volunteer chair of OWASP and is the CEO of Aspect Security. Jeff is a software developer who has specialized in application security since 1995. The ESAPI is the result of over a decade of code review and penetration testing of critical enterprise applications. If you'd like to volunteer to help on the project, you can contact him at jeff.williams@owasp.org.

    More information about the ESAPI can be found in the ESAPI PowerPoint presentation

  • 相关阅读:
    Jmeter之http性能测试实战 非GUI模式压测 NON-GUI模式 结果解析TPS——干货(十一)
    UI Recorder 自动化测试 回归原理(九)
    UI Recorder 自动化测试 录制原理(八)
    UI Recorder 自动化测试 整体架构(七)
    UI Recorder 自动化测试 配置项(六)
    UI Recorder 自动化测试 工具栏使用(五)
    UI Recorder 自动化测试 回归测试(四)
    UI Recorder 自动化测试 录制(三)
    UI Recorder 自动化测试工具安装问题疑难杂症解决(二)
    UI Recorder 自动化测试安装教程(一)
  • 原文地址:https://www.cnblogs.com/coderzh/p/1377140.html
Copyright © 2011-2022 走看看