ESAPI SwingSet Interactive Application


1. ESAPI SwingSet Interactive - Introduction

A few words about this application.

2. Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. The ESAPI Authenticator interface defines a set of methods for generating and handling account credentials and session identifiers. The goal of this interface is to encourage developers to protect credentials from disclosure to the maximum extent possible.

3. Session Management

Session management is the process of keeping track of a user's activity across sessions of interaction with the computer system. The ESAPI HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests, responses, sessions, cookies, headers, and logging.

4. Access Control

Access Control is a process that defines each user's privileges on a system. The ESAPI AccessController interface defines a set of methods that can be used in a wide variety of applications to enforce access control.

5. Input Validation

Input Validation is the process of ensuring that a program operates on clean, correct and useful data. The ESAPI Validator interface defines a set of methods for canonicalizing and validating untrusted input.

6. Output Encoding/Escaping

Encoding is the process of transforming information from one format into another. The ESAPI Encoder interface contains a number of methods for decoding input and encoding output so that it will be safe for a variety of interpreters.

7. Cryptography

Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The ESAPI Encryptor interface provides a set of methods for performing common encryption, random number, and hashing operations.

8. Error Handling and Logging

Error handling refers to the anticipation, detection, and resolution of programming, application, and communications errors. Data logging is the automated recording of events within a defined scope in order to provide an audit trail that can be used to understand the activity of the system and to diagnose problems. The ESAPI Logger interface defines a set of methods that can be used to log security events.

9. Data Protection

Data Protection is the process of ensuring the prevention of misuse of computer data. The ESAPI HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests, responses, sessions, cookies, headers, and logging.

10. HTTP Security

HTTP Security refers to the protection of HTTP requests, responses, sessions, cookies, headers, and logging. The ESAPI HTTPUtilities interface is a collection of methods that provide additional security for all of these.


OWASP Enterprise Security API Project