[Esapi-dev] Status of the ESAPI .NET Project and the ESAPI .NET/J2EE relationship
dinis.cruz at gmail.com
Fri Sep 3 14:32:21 EDT 2010
Hi, a client rencently asked me if we could recomend/use the ESAPI .NET for
remediation advise, and since I'm not sure about the status of this project,
here are my questions:
Sorry about if some of this questions have basic answers but I'm still
getting my head around how ESAPI works
- Alex, are you still leading this project and doing active development?
- Are these the main ESAPI .NET pages?:
the source code at
- It looks like there is no separate project and mailing-list for the
ESAPI .Net, right?
- What is the current development state of the ESAPI .NET port of the
current ESAPI v1.4 and v2.0 releases?
- The question here is basically "How much of the ESAPI J2EE v1.4 and
v2.0 implementation and goodness is currently available in the
* *comments:* "How is the .NET ESAPI different from the Java
ESAPI?:...The two projects are very similar in spirit, but there are
differences. Most of the differences exist because the .NET ESAPI is a less
complex project, although in some cases they exist because I disagree with
the direction of the Java team...."*
- My question is: How can we quantify these differences?
- If I wanted to compare the Java Classes with the .NET classes what
should I look out for?
- For example, from
looks like the J2EE
*org.owasp.esapi.Encoder* should match the *Owasp.Esapi.Endoder*
- Is the espectation that there should be a direct match (both in
name and behaviour) between the classes, methods, properties
between these two projects/classes?
- Is there a minimum base line for each ESAPI implementation?
- is it these interfaces:
- is it the unit tests?
- Where can I see some stats for the ESAPI .NET usage?
- Should I be recomending its use?
- Is there a comparison of the current ESAPI .NET implementation and what
is currently provided by .NET BCL (v2.0. v3.5 and v4.0) , AntiXSS,
EnterpriseLibrary, ASP.NET MCV?
- I'm trying to answer the question: *"We already use XYZ, what does
ESAPI gives me that we already don't have and, why should we add another
DLL/Dependency to our project?"*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-dev