• OWASP ESAPI is a free, open source API for securing web applications
  • It can be used to implement and enhance the security of existing applications
  • It contains:
    – A set of security control interfaces
    – A reference implementation for each security control
    – Custom implementations for each security control

  • The package org.owasp.esapi.reference.validation provides the following data validation classes:
    – BaseValidationRule: Validating data from untrusted sources
    – CreditCardValidationRule: Validating credit card numbers
    – DateValidationRule: Validating dates
    – HTMLValidationRule: Validating HTML to protect against XSS attacks
    – IntegerValidationRule: Validating integers
    – NumberValidationRule: Validating number input format
    – StringValidationRule: Validating strings

Example: Input Validation using OWASP ESAPI
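
The following is an added example, not code from the original slides or from the ESAPI project. It applies StringValidationRule and IntegerValidationRule from the package listed above to constructed inputs, and assumes the ESAPI 2.x jar and a valid ESAPI.properties are on the classpath; the field names, pattern and limits are hypothetical.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.reference.validation.IntegerValidationRule;
import org.owasp.esapi.reference.validation.StringValidationRule;

public class EsapiValidationExample {

    // Allow-list rule for a hypothetical "username" field: 3-20 chars of [A-Za-z0-9_].
    static StringValidationRule usernameRule() {
        StringValidationRule rule = new StringValidationRule("Username", ESAPI.encoder());
        rule.addWhitelistPattern("^[A-Za-z0-9_]+$");
        rule.setMinimumLength(3);
        rule.setMaximumLength(20);
        rule.setAllowNull(false);
        return rule;
    }

    // Range-checked rule for a hypothetical "quantity" field: integers 1..100.
    static IntegerValidationRule quantityRule() {
        IntegerValidationRule rule = new IntegerValidationRule("Quantity", ESAPI.encoder(), 1, 100);
        rule.setAllowNull(false);
        return rule;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {username, quantity}.
        String[][] samples = {
            {"alice_01", "5"},                 // both fields valid
            {"<script>x</script>", "5"},       // fails the username allow-list
            {"bob", "1000"},                   // quantity outside 1..100
            {"%2561lice", "7"},                // double-encoded username
        };
        for (String[] s : samples) {
            try {
                String user = usernameRule().getValid("signup.username", s[0]);
                Integer qty = quantityRule().getValid("signup.quantity", s[1]);
                System.out.println("ACCEPT user=" + user + " qty=" + qty);
            } catch (ValidationException e) {
                // Input did not match the rule; reject it and show only the safe user message.
                System.out.println("REJECT " + e.getUserMessage());
            } catch (IntrusionException e) {
                // Raised when canonicalization detects multiple or mixed encoding.
                System.out.println("INTRUSION " + e.getUserMessage());
            }
        }
    }
}
```

Use the value returned by getValid rather than the raw request parameter, and keep getLogMessage() for server-side logs only.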