Blackboard Logo

warningThis page is deprecated

Secure Coding Practices

Blackboard takes security seriously and extends that same outlook to developers by enabling them to apply industry standards of best practice to their Building Blocks.

Blackboard Learn has integrated with a best practices open source security library from the Open Web Application Project’s (OWASP) Enterprise Security API (ESAPI). This security library ships by default installed on Blackboard Learn through a Building Block called “ESAPI Security Module” and is required for system operation. Blackboard strongly recommends all Building Block developers leverage this new Security API based on OWASP ESAPI for Java and ESAPI for JavaScript.

You may read more about the ESAPI library and secure development on Learn at

Secure Coding Best Practices

As part of secure coding practices, input that may be influenced by users, whether trusted or not, should be validated on the server-side before processing (input validation) as well as prior to display (output validation or escaping). This helps ensure system resiliency and prevents security issues such as cross-site scripting.

In addition to input and output validation Learn also affords the ability to encrypt data during context passing.