[Owasp-appsensor-project] ESAPI WAF Contribution

Juan calderon juan.calderon at owasp.org
Wed Feb 15 02:24:00 UTC 2012


That is true, latest repository is this one


On Tue, Feb 14, 2012 at 8:03 AM, Ryan Barnett <ryan.barnett at owasp.org>wrote:

> I thought that the ESAPI WAF code was being removed and separated out to
> the OWASP-JAVA-WAF project -
> http://code.google.com/p/owasp-java-waf/
>
>
> How do these two relate?
>
> -Ryan
>
> On 2/13/12 9:11 PM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:
>
> >Looping in the AppSensor team...
> >
> >Michael, John, Colin, et al,
> >
> >On Thu, Feb 2, 2012 at 1:45 PM, James Manico <jim at manico.net> wrote:
> >> Looping in ESAPI leads...
> >>
> >> --
> >> Jim Manico
> >> VP, Security Architecture
> >> WhiteHat Security
> >> (808) 652-3805
> >>
> >> On Feb 2, 2012, at 8:42 AM, Jon Gill <jagill.vt at gmail.com> wrote:
> >>
> >> Hi Arshan & Jim,
> >>
> >> Roger and I had committed a contribution for ESAPI WAF back in August
> >>2011.
> >> I was just pinging you both in case you had not seen it.
> >>
> >> http://code.google.com/p/owasp-esapi-java/issues/detail?id=244
> >>
> >> Thanks!
> >> Jon
> >
> >Can you take a look at this work that Jon Gill and Roger Seagle
> >did regarding the extending ESAPI WAF and make sure that it is still
> >compatible with using AppSensor within ESAPI? I'm not sure
> >I could make an accurate assessment without diving significantly
> >into AppSensor. The changes to ESAPI WAF is limited to these 6
> >ESAPI source files:
> >
> >
> >src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
> >
> >src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.j
> >ava
> >
> >src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
> >    src/main/java/org/owasp/esapi/waf/rules/Rule.java
> >    src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
> >
> >src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.
> >javaes:
> >
> >If these changes are not compatible with using AppSensor with ESAPI, would
> >this be something that maybe the AppSensor gang would be interested in
> >considering with a similar extension?
> >
> >Thanks,
> >-kevin
> >--
> >Blog: http://off-the-wall-security.blogspot.com/
> >"The most likely way for the world to be destroyed, most experts agree,
> >is by accident. That's where we come in; we're computer professionals.
> >We *cause* accidents."        -- Nathaniel Borenstein
> >_______________________________________________
> >Owasp-appsensor-project mailing list
> >Owasp-appsensor-project at lists.owasp.org
> >https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20120214/c80cb872/attachment.html>


More information about the Owasp-appsensor-project mailing list