Seven Things to Love About ESP


Embedthis ESP™ is the amazing C web framework that operates at “thought speed”.

Designed for embedded devices and high performance web services, ESP is exceptionally fast, close to the hardware, yet offers features normally found only in larger enterprise web frameworks — Amazing.

Here I list the top seven things I really like about ESP.

1. ESP is Fast — Really Fast!

ESP pages and applications are compiled to native code — this means ESP apps run as fast as the hardware will allow and much more quickly than most other web frameworks. To serve a web page or respond to a request, ESP executes from memory and renders responses directly to the network — there is often no disk access. But best of all, you can easily include live data in responses at native speed.

2. Dynamic Compiling and Loading

ESP pages and applications are transparently compiled into binary. There is no lengthy build step. You can edit a page, click reload in the browser and instantly see the new content. There is no need to manually rebuild the application or web pages, nor do you have to restart the web server to render new content. In this manner, ESP develops like a scripted web framework, but runs like pure binary code.

3. ESP is Close to the Hardware and the O/S

Because ESP uses C, you can call system and hardware APIs directly from an ESP page or controller. There is no “thunking” layer to slow things down, nor redundant abstraction layers to navigate. You can directly interact with with system libraries and hardware and include the results in your responses.

For device management, being close to the hardware means a smaller, simpler application. It also means less code and that helps contribute to a more secure application.

Some may argue that normal C is prone to buffer overflows and memory exceptions, however ESP provides safe string and memory handling to help prevent these errors and ensure memory leaks don’t happen. Increasingly, security errors are in the application layer and not the sole domain of the language. For this, ESP also has strong support to help prevent SQL injection, string format errors, Cross Site Scripting and denial of service vulnerabilities.

4. MVC

The Model-View-Controller MVC paradigm is a design pattern for creating and managing applications. It partitions the separate concerns of application data, application logic and user interface into three discrete components. It has proven to be highly successful in simplifying application design and maintenance.

The ESP Web Framework supports the entire MVC pattern, but it also permits you to use each component separately so that you can have stand-alone controllers, views or database models. This flexibility allows you to pick and choose the components you need or to embrace the entire MVC paradigm.

ESP MVC provides:

  • Integrated Database support for the SQLite and MDB databases.
  • Views templates provide easy insertion of dynamic data into web pages.
  • Controllers provide direct mapping from request URLs to C functions responsible for responding to the request.

5. Controller Actions

An ESP application can map URLs directly to C functions via RESTful routes. ESP does all the heavy lifting processing parsing the request, decoding the URL, and processing the request parameters so these functions are called “actions”, can focus on the responding to request and generating a response. For example, this action responds with the current weather forecast:

static void status() {
    render("{ The weather is: %s }", getForecast());

This action would be placed in a controller file that will be automatically compiled on-demand.

6. Templates

ESP templates are HTML web pages with embedded “C” code. You can run any C code or call C functions exactly where you require the data. For example:

        <p>Today's forecast is: <%= getForecast(); %></p>

ESP integrates with the Expansive web site manager for page layouts and page processing. Expansive provides layout and partial page support that provides a common look and feel for the entire site. The layout page provides the outer structure of each page and the content page provides the content that is specific to an individual page. For example, given the layout page:

        \<@ content @>

Then a content page will replace the “content” marker.

<p>Today's forecast is: <%= getForecast(); %></p>

ESP provides a simple API to interact with request parameters, session data, database data and other common tasks for web applications. See ESP API for more details.

Garbage Collection

When using C code inside a web page, you would normally have to manage memory. Typically, allocated memory must be freed otherwise your application would leak memory. Fortunately, ESP uses garbage collection so that any dynamic memory allocated via ESP APIs will be automatically collected after the web page runs.

7. Application and scaffold generator

ESP comes with a swiss-army knife utility program called esp. The esp program can serve your application, but also install extension packages and generate applications, scaffolds, migrations, boilerplate code and configuration.

To run your application, type “esp run” or just “esp”.

$> esp run
esp: 2: Started HTTP service on ""
esp: 2: Started HTTPS service on ""

The esp program can generate entire scaffolds. For example:

    esp generate scaffold post title:string body:text

This command will create CRUD management for a blog post controller. It will generate views to create, edit, list and delete posts. It will create a controller with actions and database with migration scripts. In one command, you can quickly mock out your basic application structure.

Extension packages

ESP is integrated and complete by itself, but it can also be extended by installing optional packages from the ESP Pak Online Catalog of packages. Using the pak utility, you can can easily install packages. For example, to install ESP support for AngularJS:

pak install esp-angular

This will install the esp-angular package as well as all required dependent packages including Angular itself.

ESP includes a subset of the Pak package manager. The esp program can access the locally cached packages, but cannot retrieve them from the Online catalog. Use pak to retrieve, install, list, manage, upgrade and uninstall packages. For example: to list the packages used by an ESP application:

$> pak list
angular 1.2.6
angular-bootstrap 0.7.0
bootstrap 3.0.0
esp-angular 5.0.0-rc0
esp-angular-mvc 5.0.0-rc0
esp-best 5.0.0-rc0
esp-gui 5.0.0-rc0
esp-mgr 5.0.0-rc0
esp-mvc 5.0.0-rc0
esp-server 5.0.0-rc0
esp-user 5.0.0-rc0
font-awesome 4.0.0
html5shiv 3.6.2
less 1.3.3
me-dev 0.8.0
me-doc 0.8.0
me-package 0.8.0
more 0.0.2
respond 1.1.0


When creating management interfaces, often we want to be able to display and update in real-time dynamic data. Using HTTP polling or repeated Ajax requests is slow and inefficient. ESP has full

support for WebSockets to provide real-time full-duplex communications with clients. Importantly, this permits efficient server initiated communications. WebSockets is very low latency and dramatically lowers the cost of data updates.

The gauges in the image below are connected via a WebSocket to the server.

Appweb Monitor


Conventional wisdom says that web applications should only be written in a memory safe language where buffer overruns and similar vulnerabilities cannot be exploited. However, this often comes at a cost. Web applications written for PHP or Ruby may take more than 50MB of RAM and cannot effectively run on many, perhaps most embedded devices. However, you don’t have to use a large enterprise language on embedded devices to attain security.

ESP uses the C language because it is the fastest and most efficient — embedded platforms demand such efficiency. To meet the security need, ESP provides extensive security support. It has a safe runtime and memory allocator that prevent most buffer overflows, memory exceptions and string handling errors. This gives the safety of a “managed” language but preserves the raw-speed of C.

Today, the scope of potential security vulnerabilities extend well beyond the choice of language for your web application: Cross Site Scripting, SQL injection, denial of service, cross site request forgery, information disclosure, and password security, these all need to be addressed. Crucially, developers needs support from their web framework to minimize these threats. ESP provides extensive security support to minimize all these threads. It also includes extensive sandbox limits to monitor the web application to ensure it never compromises the device on which is runs. To protect itself, ESP has defensive counter-measures to monitor and ban attacking clients in real-time.

Integrated into Appweb

ESP is integrated into the Appweb embedded web server. This means you can have the leading web server pre-integrated with the ESP web framework for the most secure hosting for ESP applications in devices.

Try It

To try ESP, down Appweb from Or to learn more, see the documentation at

About ESP

Embedthis ESP is the amazing C language web framework that operates securely at “thought-speed”. It is extremely fast, yet comprehensive and secure. ESP dramatically cuts the time and cost of developing dynamic embedded web applications by including a complete MVC web framework that offers web templates, in-memory databases, request routing, caching and an extensive catalog of extension packs.

As one of the most widely deployed embedded web frameworks, ESP is being used in networking equipment, telephony, mobile devices, industrial control, and consumer and office equipment as well in high-performance web services. ESP provides both Open-Source and commercial licenses and comes with full source code.


{{}} said ...

Comments Closed

© Embedthis Software® LLC. All rights reserved. Privacy Policy and Terms of Use.


This web site uses cookies to provide you with a better viewing experience. Without cookies, you will not be able to view videos, contact chat or use other site features. By continuing, you are giving your consent to cookies being used.