"Chris Schmidt: the OWASP ESAPI"
ESAPI 2.0 - Defense Against the Dark Arts Beef (Chris Schmidt)
In this presentation Chris will highlight the latest GA release of OWASP Enterprise Security API 2.0.
Key touchpoints of the talk will include:
- What is ESAPI
- Integrating Controls
- Crypto Enhancements
- ESAPI Roadmap and Future
- ESAPI Community Launch
What is ESAPI will feature an updated overview of what an Enterprise Security API is, why it is important, and how it is intended to be used. This will be a high-level overview intended to raise questions from you about specifics that can be addressed in the breakout session or over a
Integrating Controls will be a brief view into what it actually takes to build and integrate an ESAPI control into a web application. This demo will focus on solving an XSS issue on a small vulnerable web application.
One of the single largest enhancements to ESAPI 2.0 was a complete overhaul of the Crypto component. Kevin Wall drove this initiative from idea to completed project and will be highlighting the hows, whys, and whats of the enhancements.
ESAPI has come a long way since Jeff Williams originally started the project many years ago - and it has grown and evolved into something that is much bigger than any of us anticipated. The ESAPI Dev team will be outlining what you can expect to see over the next 12 months of ESAPI development and you will definitely not want to miss this.
The ESAPI Community is a new idea, focused on bringing in some of the awesome integration work that the user community has done and making it available as pluggable components that can be used to address common integration concerns such as using ESAPI with Struts or Spring.
- 5:45pm: free parking @ Hosting.com's garage
- 6pm: pizza & beer
- 6:30pm: Introduction and Chapter business
- 6:45pm to 9pm: Presentation