[OWASP-ESAPI] Current status of ESAPI
jeff.williams at owasp.org
Tue Jul 29 11:36:58 EDT 2008
Version 1.1.1 is currently the best choice for production and is in use at
several large organizations, including Sun. I think the idea of customizing
your own filter that invokes ESAPI is a good one. ESAPI is not a framework,
it's a collection of the fundamental security building blocks that you need
to build a secure application. There is some work integrating it into your
Along those lines, if anyone wants to investigate integrating ESAPI into
Struts, JSF, and/or Spring and put together some notes on what works and
what's difficult, that would be a fantastic project and very useful!
From: owasp-esapi-bounces at lists.owasp.org
[mailto:owasp-esapi-bounces at lists.owasp.org] On Behalf Of Cheng Wei Lee
Sent: Monday, July 28, 2008 11:19 PM
To: owasp-esapi at lists.owasp.org
Subject: [OWASP-ESAPI] Current status of ESAPI
Is the current status of ESAPI still beta? Is it ready to bundle with for
production release? Was thinking of writing my own filter and using the
various API (Validator, Encoder, HTTPUtilities, HTTPUtils) within this
filter as if I simply use the provided filter, I would have to do a fair bit
Is this advisable?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI