Mike Boberski mike.boberski at gmail.com
Thu Nov 19 21:44:01 EST 2009

Another point of comparison for your consideration: I don't see a source
code download or BSD license on that Fortify link.


On Thu, Nov 19, 2009 at 9:32 PM, Neil Matatall <neil at owasp.org> wrote:

> SWAF = software WAF
> I attended the OWASP LA meeting last night and Brian Chess of Fortify was
> speaking on, among other things, their Fortify 360 product
> http://www.fortify.com/products/fortify-360/  The Fortify product uses the
> extensibility hooks usually reserved for debuggers and profilers to inject
> security-related code such as validation, authorization checks, direct
> object references, etc. by hooking into things such as servlet filters, SQL
> queries, etc.
> I was thinking, this sounds awfully familiar.  It seems like a version of
> the ESAPI-WAF on steroids. The rules looked very similar to what was
> done in the ESAPI WAF.
> Anyhow, not sure why I bring this up other than the appearances of two
> SWAFs in a relatively short time period and I love the SWAF acronym.
> And I credit Jim on the SWAF term, I just can't stop laughing.  Something
> about that acronym makes me smile.
> p.s.  Brian Chess is a really great speaker, and I recommend anyone attend
> his presentations if you get the chance.
> --
> Neil