Tuesday, August 31, 2010

OWASP's CF ESAPI

So a little while back, I took an interest in the OWASP website.  I soon realized they provided APIs with a lot of their recommendations already built for anyone to use in their projects.  My dreams of simple security implementation were soon crushed when I discovered the ColdFusion version of their Enterprise Security API (ESAPI) was never finished.

I got in contact with the project lead, who informed me that he no longer had time to work on it and was looking to pass it off.  So I set out to finish this API myself.  I started off with what was already done, but soon scrapped it in favor of mirroring what the Java version of the API was doing.

I have been working on this in my spare time for a while now and I have to say, I am quite happy with myself.  I have the authentication and authorization pieces working.  I am currently working on the encoding functionality, for which I recently decided that using some of the Java API's functionality was necessary in order to accomplish string manipulation in a timely manner.  Thank you, JavaLoader :)

I have not at this point pursued taking over as lead of the CFESAPI project.  I am waiting until I have something a little more solid before entering that realm.