Here is some information regarding next week’s Thursday OWASP – DC/MD Local Chapter infosec meetup event. Also since the last OWASP – Northern Virginia (NoVA) meeting was held in late February, they are going to skip the March meeting and recommend going to the OWASP – DC/MD one.
- Who: Jeff Williams
- What: Securing Java EE Applications with the OWASP Enterprise Security API (ESAPI)
- Jeff Williams, the CEO of Aspect Security and the volunteer Chair of the OWASP Foundation, will present the new OWASP Project he is leading — the OWASP Enterprise Security API (ESAPI). ESAPI is an API and reference implementation designed to make it as easy as possible for web developers to address the most common web application security vulnerabilities, including those discussed in the OWASP Top Ten. ESAPI defines a simple, well-structured, and obvious interface to all the classes and methods a developer needs to build a secure web application, and comes with a reference implementation and over 600 test cases. ESAPI includes numerous new security mechanisms that are simply not present in Java EE today, including intrusion detection! Correctness, completeness, and simplicity are the three primary design goals of ESAPI. ESAPI provides a worked example of most security challenges faced by enterprise developers. Developers, architects, and application security specialists can use ESAPI as a baseline for what is expected in their applications. This presentation will cover the basic structure of the API, why using it represents a significant reduction in application security costs, and even why it makes projects more agile.
- When: 3/20, 6:00 – 9:00 EST
- Where: Aspect Security, Inc.; 9175 Guilford Road, Suite 300; Columbia, MD 21046-2565; Main: 301-604-4882