[GPC] OWASP ESAPI for Perl
Paulo Coimbra
pcoimbra at owasp.org
Thu Aug 25 09:27:22 EDT 2011
Hello Sterling,
I apologize for the time I've taken to set this project up; your request has
caught me in the beginning of a period of vacancies.
As for your request, first of all, I thank you for volunteering to lead an
OWASP Project. It is with volunteers like yourselves that OWASP continues
to succeed in making application security visible.
Secondly, here
https://www.owasp.org/index.php/OWASP_ESAPI_Perl_Project#tab=Project_About
is the project's wiki page which has been placed amongst all the other OWASP
ESAPI Projects
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ESAPI_Perl
<http://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects> .
Please check it out and let me know if you find any problems or mistakes and
feel obviously free to add any additional information to the project's wiki
page or to request assistance regarding its edition.
Thirdly, later on, when your project reaches a point that you'd like OWASP
to assist in its promotion, we will need the following to help spread the
word about it:
- Project Flyer/Pamphlet (PDF file):
http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/.
- Conference style presentation describing the project in at least 3 slides -
http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/
Fourthly, as work on your project progresses and you are ready to create a
new release, please let the Global Projects Committee (GPC) know of the
change in status so that we can create the needed template to support it.
The GPC can work with you to get your project assessed and moved up the
OWASP quality ladder from Alpha to Beta to Stable. Not every release
requires an assessment - feel free to email the GPC if you are unsure about
your project's requirements.
http://www.owasp.org/index.php/Assessment_Criteria_v2.0
To conclude, we recommend that every project leader or contributor fills in
his wiki account with Resume/Curriculum Vitae, Wiki Contributions and Email
Address and makes it available on his project page. Those elements will help
us with building a proper idea of their technical profile and will
facilitate the contact within OWASP contributors. Please see below the
tutorial's first paragraph and an example.
https://www.owasp.org/index.php?title=Special:UserLogin&type=signup
http://www.owasp.org/index.php/Tutorial
http://www.owasp.org/index.php/User:Mtesauro
That is all for now - I wish you and your project great success. Thank you
for supporting OWASP's mission.
Should you have any questions or require any further information, please do
not hesitate to contact me.
Many thanks, best regards,
Thanks,
- Paulo
Paulo Coimbra
OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
From: Jeff Williams <jeff.williams at aspectsecurity.com>
Date: Thu, 18 Aug 2011 18:29:49 -0400
To: Sterling Hanenkamp <sterling at hanenkamp.com>, Paulo Coimbra
<paulo.coimbra at owasp.org>
Subject: RE: OWASP ESAPI for Perl
That's great. Paulo, can you start up the ESAPI for Perl project with
Sterling as the lead.
Sterling, if you can kick it off that would be great. Hopefully, we can
attract a bunch of developers to build it out and make it great. Thanks!
--Jeff
Jeff Williams, CEO
Aspect Security
work: 301-604-4882
mobile: 410-707-1487
From: Sterling Hanenkamp [mailto:sterling at hanenkamp.com]
Sent: Thursday, August 18, 2011 6:03 PM
To: Jeff Williams
Subject: Re: OWASP ESAPI for Perl
And I just answered my own question looking carefully at the Java EE page:
This is the Java EE language version of OWASP ESAPI. The ESAPI for Java EE
is the baseline ESAPI design.
Okay, I'm looking into this. I'm going to have to see how much time I can
manage to put towards this. If I can argue even a couple hours each month of
paid time to work on project management for this, I think I can certainly
lead a project like this. If not, I'll have to consider more carefully.
I will get back to you.
Cheers,
Sterling
On Thu, Aug 18, 2011 at 4:45 PM, Sterling Hanenkamp <sterling at hanenkamp.com>
wrote:
Cool. So my next question is on the technical side, what is involved in
creating an ESAPI implementation? I've looked at the documentation for some
of the languages and they all look similar. I have not seen a specification
for the ESAPI. I confess that I haven't spent a lot of time on the site yet,
so I may just be missing it.
Is there a spec or is one of the language implementations considered the
reference implementation (e.g., Java EE) the rest aim for?
Cheers,
Sterling
On Thu, Aug 18, 2011 at 1:01 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
Hi Sterling,
This is a great idea! We really need a Perl implementation. In fact, I had
a long discussion with NASA recently about exactly this topic. If you're
interested in leading the effort, OWASP makes it really easy. Basically
we'll set it up as an OWASP project and help you grow a community around the
project. If you're interested, let me know and I'll have Paolo set you up.
Thanks!
--Jeff
Jeff Williams
work: 301-604-4882 <tel:301-604-4882>
mobile: 410-707-1487 <tel:410-707-1487>
From: Jeff Williams [mailto:jeff.williams at owasp.org]
Sent: Wednesday, August 17, 2011 12:14 PM
To: Jeff Williams
Subject: Fwd: OWASP ESAPI for Perl
--Jeff
Jeff Williams
Aspect Security
work: 410-707-1487 <tel:410-707-1487>
main: 301-604-4882 <tel:301-604-4882>
>
> Jeff,
>
>
>
> I recently gave a Lightning Talk at the Yet Another Perl Conference in
> Asheville summarizing the OWASP Top 10 and it was pretty popular. Several
> developers have asked for my slides and a couple suggested I should give that
> talk as a 50 minute talk at the next YAPC in Madison. I'm not sure about
> Madison yet, but I will be giving a 50 minute version of this talk at the
> Pittsburgh Perl Workshop in October.
>
>
>
> I've been doing some work with OWASP as part of our ongoing PCI DSS compliance
> effort at work, but have no formal involvement with OWASP at this time. I see
> that there's no ESAPI implementation for Perl and wondered if there was any
> movement to build one and how I could contribute to that or how I could go
> about moving toward starting such a project. I don't know if I have the time
> to actually do this or oversee such a thing, but I have an interest and want
> to at least evaluate the possibility.
>
>
>
> Anyway, the ESAPI project page says that you are the project lead, so I wanted
> to get your input on how I might get started.
>
>
>
> Thank you for your time.
>
>
>
> Cheers,
>
> Sterling
--
Andrew Sterling Hanenkamp
sterling at hanenkamp.com
785.370.4454 <tel:785.370.4454>
--
Andrew Sterling Hanenkamp
sterling at hanenkamp.com
785.370.4454