ESAPI-C 1.0
The OWASP Enterprise Security API for C
|
Learn about the OWASP ESAPI Project
This is the README file for the Enterprise Security API for C library. What is ESAPI? ========================== The Enterprise Security API (ESAPI) is a free, open source library of security controls that make it easier for programmers to write lower-risk applications. The original ESAPI was written for Java web applications and served to inspire many "ports". These ports are not exactly ports in a traditional sense, but more domain specific visions of what "the ESAPI of those languages" should look like. ESAPI for C is one of those visions. It is a general API for helping programmers to build more secure business applications. There are easy to use functions for proper auditing, simple wrappers for cryptographic functions, and much more. What is ESAPI for C not? ========================== ESAPI for C is not a library for helping programmers avoid memory corruption mistakes. The domain of problems associated with memory management have inspired a great many libraries and efforts didn't deserve another unnecessary re-invention. It is also not a "web" API. What platforms are supported? ========================== The following platforms have been confirmed to support ESAPI for C: * OSX, 32/64-bit * Linux, 32/64-bit Although untested, all the dependencies and source should run on other POSIX operating systems and Windows.
Dependencies =============== The following dependences are assumed to be installed at compile time and runtime for the Enterprise Security API (ESAPI): * log4c * uthash * libgcrypt Note: If you need a FIPS 140-2 validated crypto module, you must use the libcrypt version 1.4.4 included in Red Hat 5.4. Installation =============== Installation of the ESAPI library is fairly straightforward: 1. `cd' to the directory containing the package's source code and type `make' to build the source. All the dependencies are assumed to be installed. 2. Optionally type `make runtests' to run all the unit tests that ship with the source. 3. Type `make install' to install the library. 4. To clean up any object files and artifacts left hanging around from the build process, type `make clean'.