The OWASP Enterprise Security API for C

ESAPI-C User Guide

Learn about the OWASP ESAPI Project


This is the README file for the Enterprise Security API for C library.

What is ESAPI?

The Enterprise Security API (ESAPI) is a free, open source library of
security controls that make it easier for programmers to write lower-risk

The original ESAPI was written for Java web applications and served to 
inspire many "ports". These ports are not exactly ports in the traditional
sense, but more domain-specific visions of what "the ESAPI of those 
languages" should look like. ESAPI for C is one of those visions.

It is a general API for helping programmers to build more secure business 
applications. There are easy-to-use functions for proper auditing, simple
wrappers for cryptographic functions, and much more.

What is ESAPI for C not?

ESAPI for C is not a library for helping programmers avoid memory
corruption mistakes. The domain of problems associated with memory 
management has inspired a great many libraries and efforts, and it didn't 
deserve another unnecessary re-invention.

It is also not a "web" API.

What platforms are supported?

The following platforms have been confirmed to support ESAPI for C:

* OSX, 32/64-bit
* Linux, 32/64-bit

Although untested, all the dependencies and source should run on other 
POSIX operating systems and Windows.

Installation Help


The following dependencies are assumed to be installed at compile time
and runtime for the Enterprise Security API (ESAPI):

* log4c 
* uthash
* libgcrypt

Note: If you need a FIPS 140-2 validated crypto module, you must use
the libgcrypt version 1.4.4 included in Red Hat 5.4.


Installation of the ESAPI library is fairly straightforward:

  1. `cd' to the directory containing the package's source code and type
     `make' to build the source. All the dependencies are assumed to be

  2. Optionally type `make runtests' to run all the unit tests that ship
     with the source.

  3. Type `make install' to install the library.

  4. To clean up any object files and artifacts left hanging around from
     the build process, type `make clean'.