[Esapi-dev] Help regarding issue 251
jim.manico at owasp.org
Thu Oct 2 21:18:30 UTC 2014
Indeed it is. DateFormat for Java 6 stops processing of the Date as soon as
it's valid. Is it worth bringing this issue to the JCP as well?
On Oct 2, 2014, at 2:00 PM, Jeff Williams <jeff.williams at aspectsecurity.com>
It’s a good bug.
*From:* esapi-dev-bounces at lists.owasp.org [
mailto:esapi-dev-bounces at lists.owasp.org <esapi-dev-bounces at lists.owasp.org>]
*On Behalf Of *Fabio Cerullo
*Sent:* Thursday, October 02, 2014 4:44 PM
*To:* Jim Manico
*Cc:* esapi-dev at lists.owasp.org
*Subject:* Re: [Esapi-dev] Help regarding issue 251
Thanks for your interest to fix ESAPI issues. Someone from the dev team
will help you out addressing this or any other bug that might interest you.
On Thursday, 2 October 2014, Jim Manico <jim.manico at owasp.org> wrote:
You do not stop injection at the input validation layer, I do not
think this is a good bug.
> On Oct 2, 2014, at 10:53 AM, Nalin Goel <naling1994 at gmail.com
> Hi guys,
> I am new to open-source and would like to work with owasp-esapi.
> I did some research on issue 251(IsValidDate not recognizing inection
attacks) and would appreciate guidance as well as feedback as to what our
inputs might be.
> Any help on getting me started is appreciated .
> Esapi-dev mailing list
Esapi-dev mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-dev