[Owasp-appsensor-project] ESAPI WAF Contribution

Ryan Barnett ryan.barnett at owasp.org
Tue Feb 14 14:03:24 UTC 2012


I thought that the ESAPI WAF code was being removed and separated out to
the OWASP-JAVA-WAF project -
http://code.google.com/p/owasp-java-waf/


How do these two relate?

-Ryan

On 2/13/12 9:11 PM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:

>Looping in the AppSensor team...
>
>Michael, John, Colin, et al,
>
>On Thu, Feb 2, 2012 at 1:45 PM, James Manico <jim at manico.net> wrote:
>> Looping in ESAPI leads...
>>
>> --
>> Jim Manico
>> VP, Security Architecture
>> WhiteHat Security
>> (808) 652-3805
>>
>> On Feb 2, 2012, at 8:42 AM, Jon Gill <jagill.vt at gmail.com> wrote:
>>
>> Hi Arshan & Jim,
>>
>> Roger and I had committed a contribution for ESAPI WAF back in August 2011.
>> I was just pinging you both in case you had not seen it.
>>
>> http://code.google.com/p/owasp-esapi-java/issues/detail?id=244
>>
>> Thanks!
>> Jon
>
>Can you take a look at this work that Jon Gill and Roger Seagle
>did regarding extending the ESAPI WAF and make sure that it is still
>compatible with using AppSensor within ESAPI? I'm not sure
>I could make an accurate assessment without diving significantly
>into AppSensor. The changes to ESAPI WAF are limited to these 6
>ESAPI source files:
>
>    src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
>    src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
>    src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
>    src/main/java/org/owasp/esapi/waf/rules/Rule.java
>    src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
>    src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java
>
>If these changes are not compatible with using AppSensor with ESAPI, would
>this be something that maybe the AppSensor gang would be interested in
>considering with a similar extension?
>
>Thanks,
>-kevin
>--
>Blog: http://off-the-wall-security.blogspot.com/
>"The most likely way for the world to be destroyed, most experts agree,
>is by accident. That's where we come in; we're computer professionals.
>We *cause* accidents."        -- Nathaniel Borenstein



