Project Talk: OWASP Enterprise Security API Project

Presented at AppSec USA 2013, Nov. 20, 2013, 11 a.m. (50 minutes).

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. Learn more about the OWASP ESAPI Project from Project Leaders, Chris Schmidt and Kevin Wall.


Presenters:

  • Chris Schmidt - Chief Architect - Contrast Security
    Chris is currently the Project Leader for the OWASP ESAPI Projects and also served on the OWASP Global Projects Committee. He has been involved with OWASP for 6 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership discussions amongst the organization. During the day, Chris is Chief Architect for Contrast Security where he has been since fall 2010. Prior to joining the team at Contrast Security he spent 5 years as 'Black Ops Beef' for ServiceMagic Inc with the official title of Software Engineer. Before getting involved in software professionally, Chris worked in hardware as a Senior Field Service Engineer providing hardware and software support for PC's, Servers, Midrange Systems and Peripherals for 9 years.
  • Kevin Wall - Information Security Engineer - Wells Fargo
    Kevin Wall has been involved in application security for the past 15+ years, but he still considers himself a developer first and an appsec engineer second. During most of those 15+ years, Kevin has specialized in applied cryptography and web appsec. Before transitioning to appsec, Kevin spent 17 years at (now Nokia, then AT&T) Bell Labs, leaving there as a DMTS in 1996 to become an independent consultant in C++ and Java. Kevin became involved in the OWASP Enterprise Security API (ESAPI) project in early fall of 2009, and after redesigning and rewriting all the symmetric cryptography related classes, he somehow found himself "elected" as co-project lead of ESAPI in 2011. Kevin also spent from 2000-2007 as an adjunct faculty member on the Franklin University CS staff where he taught Distributed Operating Systems and Computer Security. Kevin has been working on the Wells Fargo Secure Code Review team for just over of 3 years; he figures it is about as close to code as any company will let him get, which is why he stays active in the development of ESAPI. When Kevin is not around code, he waxes eloquently on 3-4 page TL;DR discourses that he posts various mailing lists or hangs out with other dinosaur friends at local watering holes discussing appsec, coding, sports, and quantum physics.

Links:

Similar Presentations: