OWASP - ESAPI Doc and tutorial
I'm interested in ESAPI use in a production environment. Is there official or unofficial documentation on how to set up a web application?
ESAPI has intentions, and is referenced de facto in the OWASP Top 10 issues.
However, main development is not active. The library is provided as is.
There are 2 Java libraries, depending on versions:
- OWASP Enterprise Security API Java: version >= 3.x
  - maintained by 1 contributor (Chris Schmidt), last code commit (as of today) on Nov 20, 2013.
- Enterprise Security API Java (legacy): version <= 2.x
  - maintained by at least 3 contributors, last code commit (as of today) on May 30, 2015.
There is a wish to have documentation (https://www.owasp.org/index.php/esapi_documentation), especially: how to use ESAPI in a new application.
But currently, it is light...
As of March 2014, the project was downgraded away from flagship status (http://off-the-wall-security.blogspot.fr/2014/03/esapi-no-longer-owasp-flagship-project.html). (Credits: avgvstvs)
If you still want to learn ESAPI, the best you can have currently:
- The ESAPI Swing Set, "web application demonstrates many uses of ESAPI" (https://www.owasp.org/index.php/esapi_swingset)
- The tests of the legacy version (https://github.com/esapi/esapi-java-legacy/tree/master/src/test/java/org/owasp/esapi)
- The wiki of the legacy version (https://www.owasp.org/index.php/category:owasp_enterprise_security_api)
- The mailing list archives (http://lists.owasp.org/pipermail/esapi-dev/)
The README on the new version announces new stuff to come:
2 Sept 2014 - Gearing up to get great stuff done at AppSecUSA in Denver this month. We'll be announcing our schedule, and we'll be at the conference soon! Stay tuned!
Maybe the doc will arrive one day...