Where is the ESAPI documentation located?
ESAPI has good intentions; it actually refers de facto to the OWASP Top 10 questions.
However, its main development is not very active. The library is provided as is.
There are two Java libraries depending on the versions:
- OWASP Enterprise Security API for Java: version >= 3.x
  - Maintained by one contributor (Chris Schmidt), the last code commit (as of today) was November 20, 2013.
- Enterprise Security API for Java (Legacy): version <= 2.x
  - Supported by at least 3 contributors, the last code commit (as of today) was May 30, 2015.
There is a desire to have documentation (https://www.owasp.org/index.php/ESAPI_Documentation), especially: How to use ESAPI in a new application.
But nowadays it really is light ...
As of March 2014, the project has been downgraded from flagship status (http://off-the-wall-security.blogspot.fr/2014/03/esapi-no-longer-owasp-flagship-project.html). (credits to avgvstvs)
If you still want to learn ESAPI, the best you can currently do is:
- ESAPI Swingset, "A Web Application Demonstrating Many ESAPI Uses" (https://www.owasp.org/index.php/ESAPI_Swingset)
- Deprecated version testing (https://github.com/ESAPI/esapi-java-legacy/tree/master/src/test/java/org/owasp/esapi).
- Old version wiki (https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API)
- Mailing list archives (http://lists.owasp.org/pipermail/esapi-dev/)
The README in the new version announces new stuff to come:
September 2, 2014. We're gearing up for a great addition to AppSecUSA in Denver this month. We will announce our schedule and will be at the conference soon! Stay with us!
Maybe the document will arrive one day ...
If you want to learn safe programming with ESAPI, check out the ESAPI Swingset: https://www.owasp.org/index.php/ESAPI_Swingset
However, as superbob pointed out, you probably shouldn't be using it in new production applications.