| Package | Description |
|---|---|
| org.owasp.esapi |
The ESAPI interfaces and
Exception classes model the most
important security functions to enterprise web applications. |
| org.owasp.esapi.errors |
A set of exception classes designed to model the error conditions that
frequently arise in enterprise web applications and web services.
|
| org.owasp.esapi.reference |
This package contains reference implementations of the ESAPI interfaces.
|
| org.owasp.esapi.reference.accesscontrol | |
| org.owasp.esapi.reference.accesscontrol.policyloader | |
| org.owasp.esapi.reference.crypto |
This package contains the reference implementation for some of
the ESAPI cryptography-related classes used throughout ESAPI.
|
| org.owasp.esapi.reference.validation |
This package contains data format-specific validation rule functions.
|
| org.owasp.esapi.tags |
This package contains sample JSP tags that demonstrate how to use the ESAPI functions
to protect an application from within a JSP page.
|
| org.owasp.esapi.waf.rules |
This package contains all of the Rule subclasses that correspond to policy file entries.
|
| Class and Description |
|---|
| AccessController
The AccessController interface defines a set of methods that can be used in a wide variety of applications to
enforce access control.
|
| Authenticator
The Authenticator interface defines a set of methods for generating and
handling account credentials and session identifiers.
|
| Encoder
The Encoder interface contains a number of methods for decoding input and encoding output
so that it will be safe for a variety of interpreters.
|
| Encryptor
The Encryptor interface provides a set of methods for performing common
encryption, random number, and hashing operations.
|
| ExecuteResult
The ExecuteResult class encapsulates the pieces of data that can be returned
from a process executed by the Executor interface.
|
| Executor
The Executor interface is used to run an OS command with reduced security risk.
|
| HTTPUtilities
The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
responses, sessions, cookies, headers, and logging.
|
| IntrusionDetector
The IntrusionDetector interface is intended to track security relevant events and identify attack behavior.
|
| Logger
The Logger interface defines a set of methods that can be used to log
security events.
|
| Logger.EventType
Defines the type of log event that is being generated.
|
| Randomizer
The Randomizer interface defines a set of methods for creating
cryptographically random numbers and strings.
|
| SecurityConfiguration
The
SecurityConfiguration interface stores all configuration information
that directs the behavior of the ESAPI implementation. |
| SecurityConfiguration.Threshold
Models a simple threshold as a count and an interval, along with a set of actions to take if
the threshold is exceeded.
|
| User
The User interface represents an application user or user account.
|
| ValidationErrorList
The ValidationErrorList class defines a well-formed collection of
ValidationExceptions so that groups of validation functions can be
called in a non-blocking fashion.
|
| ValidationRule |
| Validator
The Validator interface defines a set of methods for canonicalizing and
validating untrusted input.
|
| Class and Description |
|---|
| Logger
The Logger interface defines a set of methods that can be used to log
security events.
|
| Class and Description |
|---|
| AccessController
The AccessController interface defines a set of methods that can be used in a wide variety of applications to
enforce access control.
|
| AccessReferenceMap
The AccessReferenceMap interface is used to map from a set of internal
direct object references to a set of indirect references that are safe to
disclose publicly.
|
| Authenticator
The Authenticator interface defines a set of methods for generating and
handling account credentials and session identifiers.
|
| Encoder
The Encoder interface contains a number of methods for decoding input and encoding output
so that it will be safe for a variety of interpreters.
|
| ExecuteResult
The ExecuteResult class encapsulates the pieces of data that can be returned
from a process executed by the Executor interface.
|
| Executor
The Executor interface is used to run an OS command with reduced security risk.
|
| HTTPUtilities
The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
responses, sessions, cookies, headers, and logging.
|
| IntrusionDetector
The IntrusionDetector interface is intended to track security relevant events and identify attack behavior.
|
| LogFactory
The LogFactory interface is intended to allow substitution of various logging packages, while providing
a common interface to access them.
|
| Logger
The Logger interface defines a set of methods that can be used to log
security events.
|
| Logger.EventType
Defines the type of log event that is being generated.
|
| Randomizer
The Randomizer interface defines a set of methods for creating
cryptographically random numbers and strings.
|
| SecurityConfiguration
The
SecurityConfiguration interface stores all configuration information
that directs the behavior of the ESAPI implementation. |
| SecurityConfiguration.Threshold
Models a simple threshold as a count and an interval, along with a set of actions to take if
the threshold is exceeded.
|
| User
The User interface represents an application user or user account.
|
| ValidationErrorList
The ValidationErrorList class defines a well-formed collection of
ValidationExceptions so that groups of validation functions can be
called in a non-blocking fashion.
|
| ValidationRule |
| Validator
The Validator interface defines a set of methods for canonicalizing and
validating untrusted input.
|
| Class and Description |
|---|
| AccessController
The AccessController interface defines a set of methods that can be used in a wide variety of applications to
enforce access control.
|
| AccessControlRule |
| Logger
The Logger interface defines a set of methods that can be used to log
security events.
|
| Class and Description |
|---|
| AccessControlRule |
| Logger
The Logger interface defines a set of methods that can be used to log
security events.
|
| Class and Description |
|---|
| EncryptedProperties
The
EncryptedProperties interface represents a properties file
where all the data is encrypted before it is added, and decrypted when it
retrieved. |
| Encryptor
The Encryptor interface provides a set of methods for performing common
encryption, random number, and hashing operations.
|
| Class and Description |
|---|
| Encoder
The Encoder interface contains a number of methods for decoding input and encoding output
so that it will be safe for a variety of interpreters.
|
| ValidationErrorList
The ValidationErrorList class defines a well-formed collection of
ValidationExceptions so that groups of validation functions can be
called in a non-blocking fashion.
|
| ValidationRule |
| Class and Description |
|---|
| Encoder
The Encoder interface contains a number of methods for decoding input and encoding output
so that it will be safe for a variety of interpreters.
|
| Class and Description |
|---|
| Logger
The Logger interface defines a set of methods that can be used to log
security events.
|
Copyright © 2016 The Open Web Application Security Project (OWASP). All rights reserved.