OWASP Enterprise Security API (ESAPI)

This file is part of the Open Web Application Security Project (OWASP) Enterprise Security API (ESAPI) project. For details, please see http://www.owasp.org/index.php/ESAPI.

The ESAPI C++ security library is published by OWASP under the BSD license. You should read and accept the LICENSE before you use, modify, and/or redistribute this software.

== ESAPI Library Project ==

The ESAPI C++ library  is a free, open source, security control library for a number of languages, including ASP, PHP, Python, Ruby, Objective C, Java, and .Net. ESAPI is used by a growing number of security conscious organizations, including American Express, Apache Foundation, Booz Allen Hamilton, Aspect Security, Foundstone (McAfee?), The Hartford, Infinite Campus, Lockheed Martin, MITRE, The World Bank, and the SANS Institute.

The ESAPI library facilitates writing lower-risk applications by making it easier to retrofit security into existing applications, and provides a solid foundation for new development. ESAPI C++ is a scaled down version of the library offered in other languages. The C++ version uses Wei Dai's Crypto++ for cryptographic operations, and the SafeInt class written by David LeBlanc for safe integer operations. Additionally, the ESAPI library uses Boost.

The project's web presence is located at https://www.owasp.org/index.php/OWASP_ESAPI_C%2B%2B_Project.

The project's source code is located at http://code.google.com/p/owasp-esapi-cplusplus/.

The project's mailing list and archive is located at https://lists.owasp.org/mailman/listinfo/owasp-esapi-c++.

== ESAPI Library Development ==

If you are developing for ESAPI C++, please ensure you have a development machine ready with Crypto++ and Boost installed. Please visit https://code.google.com/p/owasp-esapi-cplusplus/wiki/DevPrerequisites for details on fetching a distribution's packages.

Please visit https://code.google.com/p/owasp-esapi-cplusplus/source/checkout for details on using Google Code and SVN.

  * To checkout the latest source code, issue the following:
    `svn checkout https://owasp-esapi-cplusplus.googlecode.com/svn/trunk/ owasp-esapi-c++ --username <user name>`

  * To update a local source tree with the latest from Google Code, issue the following from your owasp-esapi-c++/ directory:
    `svn update`

  * To checkin your changes, issue the following:
    `svn checkin <FILE1> <FILE2> ... -m "<Summary of changes>"

If working on Windows, the Visual Studio project expects two environmental variables to be set: one for Crypto++ and one for Boost. The Crypto++ variable is named 'CRYPTOPP' and should point to the directory containing Crypto++. For example, if Crypto++ is in a folder on the desktop, the envrioment should be 'CRYPTOPP=C:\...\Desktop'. Boost uses the environmental variable 'BOOST', and should include the Boost folder (unlike Crypto++). For example, if Boost is located in 'C:\Program Files\boost\boost_1_47', the envrioment should be 'BOOST=C:\Program Files\boost\boost_1_47'. Note well (N.B.): remember to build the Crypto++ and Boost libraries to avoid linker errors.

== ESAPI Library Programming ==

If you are programming an application which uses the ESAPI C++ security library, please visit <???> to ensure you have the latest ESAPI C++ security library.

== ESAPI Library Installation ==

To install the ESAPI C++ security library, please visit <???>.