MOPS Submission 01 – A New Open Source Tool: OWASP ESAPI for PHP

May 3rd, 2010

Today we want to present to you the first external MOPS submission. It was sent in by Mike Boberski on behalf of the OWASP ESAPI development team. It is an article about their OWASP ESAPI for PHP.

Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every PHP web application leads to wasted time and massive security holes. OWASP Enterprise Security API (ESAPI) for PHP helps software developers guard against security‐related design and implementation flaws. ESAPI for PHP is designed to make it easy to retrofit security into existing applications, as well as providing a solid foundation for new development.

The full article is only available as a PDF download from here.

NOTE: Please note that all opinions or views expressed in articles submitted to MOPS are the opinions and views of the author(s) and therefore not necessarily shared by the Month of PHP Security Team.

  • mario35823
    Couldn't figure out what this does exactly. The PDF is not explanatory on what it means by its "security controls" phrase.
    The code looks mostly like a set of abstract classes / stub APIs. It contains a couple of reusable sanitization and log methods, generic utility features. Follows some Java naming conventions. Overall seems enterprisey.
