The same group of people that wrote the OWASP Top Ten <http://www.owasp.org/index.php/Top_10_2007> now bring you ESAPI <http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API>, the Enterprise Security API, and I've ported it to Python. ESAPI <http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Python> provides numerous application-level controls that are desperately needed in today's web applications. ESAPI provides...
- Strong encoding/decoding/canonicalization to prevent XSS and interpreter attacks
- Flexible authentication and access control
- Object reference maps to hide server-side objects and references from the user
- Secure session management utilities
- Strong input validation using whitelists
- Easy-to-use encryption framework for symmetric-key and public-key cryptography
- Secure PRNG with helper methods
- Flexible and powerful security logging
- Intrusion detection - block attackers before they find a weak point!

ESAPI <http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Python> is pure Python and is not tied to any framework. It only takes a few minutes to set up and you can use as much or as little of it as you would like - there is no lock-in.

The goal of the ESAPI project is to get strong, easy-to-use security controls in the hands of web developers so that they can focus on what they do best: creating brilliant websites. This project has two main ways in which it can be used. First, application developers can pick it up and use the controls inside to secure their applications. Second, framework developers can look at it and incorporate the design and functionality of the security controls into the framework itself.

ESAPI is released under the BSD license, so you can do pretty much anything you want with it.

If having a secure Django application is important to you, I hope you take a look at ESAPI:

OWASP wiki: http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Python
Google code: http://code.google.com/p/owasp-esapi-python/

Questions, comments, and criticisms are all welcome. Thank you.

--
Craig Younkins
Website/Blog <http://cyounkins.blogspot.com/>
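The first, fifth and last items on the feature list (canonicalization, whitelist validation, intrusion detection) are really one control: decode the input to its simplest form, validate the decoded value against a whitelist, and treat evidence of evasion (double or mixed encoding) as an attack rather than as bad input. The following is an added illustration of that idea in plain Python, written for this page; it is not code from the ESAPI for Python project and its helper names (canonicalize, validate_whitelist, encode_for_html, screen_input) and the sample parameters are assumptions chosen for the example. A real canonicalizer has to handle many more codecs than URL and HTML-entity encoding; this shows the principle only.

```python
import html
import re
from urllib.parse import unquote

# Hypothetical helper names for this example; they are NOT the ESAPI for
# Python API, only an illustration of the controls the announcement lists.


class IntrusionException(ValueError):
    """Input looks like a filter-evasion attempt (double or mixed encoding)."""


def _decode_once(text):
    """Apply each decoder once and report which ones actually changed the text."""
    applied = set()
    url_decoded = unquote(text)                   # %3C -> <
    if url_decoded != text:
        applied.add("url")
    entity_decoded = html.unescape(url_decoded)   # &lt; -> <
    if entity_decoded != url_decoded:
        applied.add("html")
    return entity_decoded, applied


def canonicalize(value, strict=True, max_passes=8):
    """Decode value until nothing changes and return the simplest form.

    With strict=True, raise IntrusionException if more than one decode pass
    was needed (double encoding, e.g. %253C) or more than one scheme was
    involved (mixed encoding, e.g. %26lt%3B). Validation must run on this
    result, never on the raw bytes, or an attacker simply encodes around
    the whitelist.
    """
    current, passes, schemes = value, 0, set()
    while True:
        decoded, applied = _decode_once(current)
        if not applied:
            break
        passes += 1
        if passes > max_passes:
            raise IntrusionException("input did not settle after %d passes" % max_passes)
        schemes |= applied
        current = decoded
    if strict and (passes > 1 or len(schemes) > 1):
        raise IntrusionException(
            "multiple/mixed encoding: %d passes, schemes=%s" % (passes, sorted(schemes)))
    return current


# Whitelist for a username-style parameter: 3-20 chars of a small alphabet.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,20}")


def validate_whitelist(raw, pattern=USERNAME_RE):
    """Canonicalize first, then accept only values matching the whitelist regex."""
    value = canonicalize(raw)
    if not pattern.fullmatch(value):
        raise ValueError("value %r does not match whitelist" % value)
    return value


def encode_for_html(value):
    """Output encoding for an HTML text or quoted-attribute context."""
    return html.escape(value, quote=True)


def screen_input(raw, pattern=USERNAME_RE):
    """Classify one request parameter.

    Returns ("ok", value), ("invalid", decoded value) or ("intrusion", raw).
    An "intrusion" result is what the logging/intrusion-detection layer
    would act on; "invalid" is ordinary bad input.
    """
    try:
        return "ok", validate_whitelist(raw, pattern)
    except IntrusionException:
        return "intrusion", raw
    except ValueError:
        return "invalid", canonicalize(raw, strict=False)


if __name__ == "__main__":
    # Constructed sample parameters, as an attacker might send them.
    samples = [
        "alice",                    # plain value
        "%61lice",                  # single URL encoding: decoded and accepted
        "<script>",                 # decodes cleanly but fails the whitelist
        "%253Cscript%253E",         # double URL encoding -> intrusion
        "%26lt%3Bscript%26gt%3B",   # URL encoding over HTML entities -> intrusion
    ]
    for sample in samples:
        status, value = screen_input(sample)
        print("%-26s -> %-9s %r" % (sample, status, value))
        if status == "ok":
            print("   rendered as:", encode_for_html(value))
```

The order matters: validating before canonicalizing lets `%3Cscript%3E` through a whitelist that rejects `<`, and decoding without a pass limit turns a pathological input into a denial of service. Output encoding (`encode_for_html`) is still applied at render time even for validated values, because the whitelist is there to reject garbage, not to make data safe for every output context.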